Critical REST API Vulnerability in Cisco Secure Workload Allows Unauthenticated Data Access and Privilege Escalation
Summary
A critical, unauthenticated REST API vulnerability (CVE-2026-20223, CVSS 10.0) in Cisco Secure Workload enables remote attackers to read sensitive data and modify configurations across tenant boundaries with Site Admin privileges. The flaw affects both SaaS and on-prem deployments across multiple software releases, and Cisco lists no workarounds. Exploitation requires only a crafted request to a vulnerable API endpoint, with no credentials, which puts tenant isolation and data confidentiality at significant risk; patching is the only mitigation.
Timeline
- 22.05.2026 08:36 · 1 article
Cisco Secure Workload Critical REST API Flaw Patched (CVE-2026-20223)
Cisco released patches for a critical, unauthenticated REST API vulnerability (CVE-2026-20223, CVSS 10.0) in Secure Workload affecting SaaS and on-prem deployments. The flaw allows remote attackers to read sensitive data and make configuration changes with Site Admin privileges across tenant boundaries. Fixes are available in releases 3.10.8.3 and 4.0.3.17; deployments on earlier release trains are directed to migrate to a fixed release (3.9 or later). Cisco found the issue during internal testing and reports no evidence of exploitation in the wild.
Sources
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access — thehackernews.com — 22.05.2026 08:36
Information Snippets
- CVE-2026-20223 impacts Cisco Secure Workload Cluster Software in SaaS and on-prem deployments, with no configuration-dependent restrictions.
  First reported: 22.05.2026 08:36 (1 source, 1 article)
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access — thehackernews.com — 22.05.2026 08:36
- The vulnerability stems from insufficient input validation and authentication checks in REST API endpoints, which allow unauthenticated remote requests to reach privileged functionality.
  First reported: 22.05.2026 08:36 (1 source, 1 article)
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access — thehackernews.com — 22.05.2026 08:36
- Successful exploitation enables attackers to read sensitive data, make configuration changes, and escalate privileges to the Site Admin user level across tenant boundaries.
  First reported: 22.05.2026 08:36 (1 source, 1 article)
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access — thehackernews.com — 22.05.2026 08:36
- Cisco confirms no workarounds exist. Fixes are available in Secure Workload releases 3.10.8.3 and 4.0.3.17; earlier release trains must migrate to a fixed release (3.9 or later).
  First reported: 22.05.2026 08:36 (1 source, 1 article)
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access — thehackernews.com — 22.05.2026 08:36
- Cisco discovered the flaw internally during security testing and reports no evidence of in-the-wild exploitation to date.
  First reported: 22.05.2026 08:36 (1 source, 1 article)
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access — thehackernews.com — 22.05.2026 08:36
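The fixed-release snippet above is the actionable part of this page for defenders: with no workaround, triage comes down to knowing which Secure Workload clusters are below the fixed build for their release train. The following is an added example written for this page, not Cisco's code and not a published tool. It assumes that a version at or above the listed fixed build in the same train (3.10.8.3 for 3.10.x, 4.0.3.17 for 4.0.x) is patched, that trains older than 3.9 have no in-train fix and must migrate, and that trains the page does not enumerate (for example 3.9.x, whose exact fixed build is not given here) should be checked against the Cisco advisory rather than guessed. The inventory it runs over is constructed sample data.

```python
"""Version triage for CVE-2026-20223 (Cisco Secure Workload).

Added example for this page; not Cisco's code. Affected-version logic is an
ASSUMPTION derived from the fixed releases named on the page and must be
confirmed against the vendor advisory before acting on the output.
"""
from collections import defaultdict

# Fixed releases named on the page, keyed by (major, minor) release train.
FIXED_RELEASES = {
    (3, 10): (3, 10, 8, 3),
    (4, 0): (4, 0, 3, 17),
}
# ASSUMPTION: the page says pre-3.9 trains must migrate to a fixed 3.9+ release,
# so any train below this has no in-train fix.
MIGRATE_MINIMUM_TRAIN = (3, 9)


def parse_version(text):
    """Turn '3.10.8.3' into (3, 10, 8, 3); reject anything non-numeric."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text):
    """Classify one version string.

    Returns (status, advice) where status is one of
    'patched', 'vulnerable', 'unknown'.
    """
    version = parse_version(version_text)
    train = version[:2]
    fixed = FIXED_RELEASES.get(train)
    if fixed is not None:
        # Tuple comparison handles short strings correctly: (3, 10, 8) sorts
        # below (3, 10, 8, 3), so '3.10.8' is reported as vulnerable.
        if version >= fixed:
            return "patched", "at or above fixed release"
        return "vulnerable", "upgrade to " + ".".join(map(str, fixed))
    if train < MIGRATE_MINIMUM_TRAIN:
        return "vulnerable", "no in-train fix listed; migrate to a fixed 3.9 or later release"
    return "unknown", "train not enumerated on this page; check the Cisco advisory"


def triage_inventory(inventory):
    """Group an iterable of (cluster_name, version) pairs by status.

    Unparseable versions land under 'unknown' so they are not silently
    treated as patched.
    """
    buckets = defaultdict(list)
    for name, version_text in inventory:
        try:
            status, advice = assess(version_text)
        except ValueError as exc:
            status, advice = "unknown", str(exc)
        buckets[status].append((name, version_text, advice))
    return dict(buckets)


# Constructed sample inventory; cluster names and versions are illustrative.
SAMPLE_INVENTORY = [
    ("tet-prod-east", "3.10.8.3"),
    ("tet-prod-west", "3.10.7.2"),
    ("tet-lab", "4.0.3.17"),
    ("tet-staging", "4.0.3.16"),
    ("tet-legacy", "3.8.1.1"),
    ("tet-unlisted", "3.9.1.5"),
    ("tet-bad-record", "n/a"),
]

if __name__ == "__main__":
    for status, rows in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(status.upper())
        for name, version_text, advice in rows:
            print(f"  {name:16} {version_text:10} {advice}")
```

Feed it the version reported by each cluster's UI or export; anything in the `vulnerable` bucket has no workaround per the advisory and should be scheduled for upgrade, and the `unknown` bucket needs a manual check against Cisco's published affected-release table rather than being assumed safe.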