TODAY , a critical vulnerability (CVE-2026-20191) in Cisco Catalyst Center was patched, allowing unauthenticated remote attackers to read arbitrary files from restricted containers. Cisco also disclosed seven vulnerabilities in ClamAV, potentially exposing systems to denial-of-service attacks. Despite the flaws, no exploitation has been reported in the wild. The Catalyst Center bug poses a risk to network security as it requires no authentication, facilitating deeper attacks.
The ClamAV vulnerabilities impact various file scanning engines, mainly affecting Windows systems at higher risk. It is recommended to upgrade affected systems as no effective workarounds exist, focusing first on the Catalyst Center patch before addressing ClamAV updates.