Cisco has released patches for a critical vulnerability affecting its Secure Workload platform. This flaw, which holds a CVSS score of 10.0, could be exploited by remote attackers to access sensitive data without authentication.
Details of the Vulnerability
Identified as CVE-2026-20223, the issue arises from inadequate validation and authentication in the REST API endpoints of Cisco Secure Workload. An attacker can exploit it by sending specially crafted API requests to affected endpoints. If successful, the attacker could access confidential information and alter configurations across tenant boundaries with Site Admin privileges.
Affected Versions and Solutions
The vulnerability impacts both SaaS and on-premises deployments of Cisco Secure Workload Cluster Software, regardless of device configuration. Cisco has stated that no workarounds are available, so applying the updates is the only remediation. The flaw is fixed in the following releases: versions prior to 3.9 require migration to a fixed release, version 3.10 is patched in 3.10.8.3, and version 4.0 is patched in 4.0.3.17.
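To triage an inventory of clusters against the fixed releases listed above, a numeric version comparison is needed, since comparing the strings directly would rank 3.10.8.10 below 3.10.8.3. The following is an added example, not Cisco code; the inventory names and the status labels are constructed for illustration, and release trains the article does not mention (such as 3.9) are flagged for a manual check against the advisory.

```python
import re

# Fixed releases as stated in the article, keyed by release train.
FIXED = {(3, 10): (3, 10, 8, 3), (4, 0): (4, 0, 3, 17)}
MIGRATE_BELOW = (3, 9)  # article: versions prior to 3.9 must migrate


def parse_version(text):
    """Turn '3.10.8.3' into (3, 10, 8, 3); None if not 2-4 dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    return tuple(int(part) for part in text.split("."))


def triage(version_text):
    """Classify one cluster version against the fixed releases above."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"      # suffixes or typos: verify by hand
    train = version[:2]
    if train < MIGRATE_BELOW:
        return "migrate"
    fixed = FIXED.get(train)
    if fixed is None:
        return "check-advisory"   # train not covered by the article
    # Pad short versions so '4.0.3' is compared as 4.0.3.0.
    padded = version + (0,) * (4 - len(version))
    return "fixed" if padded >= fixed else "upgrade"


def report(inventory):
    """Map each cluster name to its triage status."""
    return {name: triage(ver) for name, ver in inventory.items()}


# Constructed inventory: hypothetical cluster names and version strings.
INVENTORY = {
    "dc1-onprem": "3.8.1.1",
    "dc2-onprem": "3.10.8.2",
    "dc3-onprem": "3.10.8.10",
    "lab": "4.0.3",
    "prod-saas": "4.0.3.17",
    "legacy": "3.9.1.1",
}

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name:12} {INVENTORY[name]:10} {status}")
```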
Discovery and Context
Cisco’s internal security assessments unearthed this vulnerability, and fortunately, there are no reports of it being exploited in the wild. This disclosure follows a recent revelation of another severe flaw in Cisco’s Catalyst SD-WAN Controller, known as CVE-2026-20182, which had been actively exploited by the threat actor UAT-8616.
The swift action by Cisco underscores the importance of regular security testing and timely updates to prevent potential data breaches. Users of the affected software are urged to implement the necessary updates promptly to safeguard their systems.
As cybersecurity threats continue to evolve, staying informed about vulnerabilities and patches is crucial for maintaining robust network security.
