Critical Cisco Secure Workload Vulnerability Exposes Sensitive Data via APIs
Severity: High (Score: 72.0)
Sources: Theregister, sec.cloudapps.cisco.com, www.cve.org, Cybersecuritynews
Summary
Cisco has announced a critical vulnerability in its Secure Workload platform, identified as CVE-2026-20223, which allows unauthenticated attackers to gain Site Admin privileges through vulnerable internal APIs. This flaw, which has a maximum CVSS score of 10.0, is due to weak validation and authentication checks in REST API endpoints. Attackers can exploit this vulnerability without needing credentials or user interaction, potentially leading to unauthorized access to sensitive information and configuration changes across tenant boundaries. The issue affects both SaaS and on-premises deployments of Cisco Secure Workload.

Cisco has released patches for affected versions, specifically 3.10.8.3 for version 3.10 and 4.0.3.17 for version 4.0. The company has stated that its cloud-hosted SaaS deployments have already been patched and require no action from customers. Although Cisco is not aware of any active exploitation, the nature of the vulnerability raises concerns about potential future attacks. This disclosure follows another recent critical vulnerability announcement from Cisco, indicating a troubling pattern of security issues.

Key Points:
- CVE-2026-20223 allows unauthenticated access to sensitive data via internal APIs.
- The vulnerability has a maximum CVSS score of 10.0, indicating critical severity.
- Patches are available for affected versions, but no workarounds exist.
Detailed Analysis
**Impact** Organizations using Cisco Secure Workload Cluster Software in both SaaS and on-premises environments are affected. The vulnerability allows unauthenticated attackers to gain Site Admin privileges, enabling access to sensitive data and configuration changes across tenant boundaries. This compromises multi-tenant isolation, potentially exposing data and configurations of multiple customers. No specific sectors or geographic regions were detailed in the reports.

**Technical Details** The vulnerability, tracked as CVE-2026-20223, stems from weak validation and missing authentication in internal REST API endpoints (CWE-306). Exploitation requires no credentials or user interaction, allowing remote attackers to execute unauthorized API requests to escalate privileges to Site Admin. There are no reported indicators of compromise or malware associated with this vulnerability in the articles.

**Recommended Response** Apply the fixed releases immediately: Secure Workload 3.10.8.3 for version 3.10 and 4.0.3.17 for version 4.0, or migrate from unsupported versions 3.9 or earlier to a patched release. SaaS customers have been patched automatically and require no action. Monitor API access logs for unusual activity until patches are applied. No workarounds are available.
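The remediation guidance above can be applied to an asset inventory with a small triage script. This is an added example, not code from Cisco or from the source articles; the cluster names and inventory are constructed, and it assumes versions are recorded as dotted numeric strings.

```python
# Fixed releases per train, as stated in the Recommended Response above.
FIXED = {(3, 10): (3, 10, 8, 3), (4, 0): (4, 0, 3, 17)}
LAST_UNSUPPORTED = (3, 9)  # 3.9 or earlier: migrate to a patched release


def parse_version(text):
    """Parse a dotted numeric version; return None if it is not one."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(version_text, deployment="on-prem"):
    """Return (status, action) for one Secure Workload cluster."""
    if deployment.lower() == "saas":
        return "ok", "SaaS: patched by Cisco, no action required"
    ver = parse_version(version_text)
    if ver is None:
        return "unknown", "unparseable version string, check manually"
    train = ver[:2]
    if train <= LAST_UNSUPPORTED:
        return "migrate", "unsupported train, migrate to a patched release"
    fixed = FIXED.get(train)
    if fixed is None:
        return "unknown", "train not listed above, consult the Cisco advisory"
    # Tuples compare numerically, so 3.10.8.10 sorts after 3.10.8.3.
    if ver < fixed:
        return "upgrade", "upgrade to " + ".".join(map(str, fixed))
    return "ok", "at or above the fixed release"


# Constructed sample inventory: (cluster name, deployment, reported version).
INVENTORY = [
    ("csw-lab-01", "on-prem", "3.9.1.1"),
    ("csw-dc-east", "on-prem", "3.10.8.2"),
    ("csw-dc-west", "on-prem", "4.0.3.17"),
    ("csw-tenant", "saas", "4.0.1.1"),
]

if __name__ == "__main__":
    for name, deployment, version in INVENTORY:
        status, action = triage(version, deployment)
        print(f"{name:12} {version:10} {status:8} {action}")
```

Clusters reported as `upgrade` or `migrate` are the ones whose API access logs need monitoring until the fixed release is installed.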
Source articles (4)
- Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw — Theregister · 2026-05-21
  Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs Cisco has disclosed yet another perfect 10 vulnerability…
- CVE-2026-20223 — www.cve.org · 2026-05-21
- Cisco's barebones advisory — sec.cloudapps.cisco.com · 2026-05-21
- Critical Cisco Secure Workload Vulnerability Enables Unauthorized API Access — Cybersecuritynews · 2026-05-21
  Cisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain unauthorized access to sensitive resources via internal APIs. T…
Timeline
- 2026-05-20 — CVE-2026-20223 published: Cisco disclosed a critical vulnerability in Secure Workload affecting internal APIs, allowing unauthorized access.
- 2026-05-21 — Cisco announces vulnerability details: Cisco warns that attackers can exploit the flaw without credentials, affecting both SaaS and on-prem environments.
- 2026-05-21 — Patches released for affected versions: Cisco released patches for Secure Workload versions 3.10 and 4.0 to remediate the vulnerability.
Related entities
- Data Breach (Attack Type)
- Cisco (Company)
- CWE-200 - Exposure of Sensitive Information (CWE)
- CWE-287 - Improper Authentication (CWE)
- CWE-306 - Missing Authentication for Critical Function (CWE)
- CWE-862 - Missing Authorization (CWE)
- Cisco Secure Workload (Platform)
- SD-WAN (Platform)