Cisco patches critical unauthenticated REST API flaw in Secure Workload

TL;DR Summary
Cisco fixed a critical, unauthenticated REST API vulnerability in Secure Workload (CVE-2026-20223, CVSS 10.0) that could let remote attackers read sensitive data and alter configurations across tenant boundaries with Site Admin privileges. The flaw affects Secure Workload Cluster Software in both SaaS and on-prem deployments, and no workarounds are available. Patches are available in Release 3.10.8.3 (for 3.10) and 4.0.3.17 (for 4.0); users of 3.9 and earlier are advised to migrate. Cisco notes no known exploits in the wild at this time. The article also references a separate CVE-2026-20182 exploit in Catalyst SD-WAN Controller.
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access (The Hacker News)
- Cisco Patches Critical Vulnerability in Secure Workload (SecurityWeek)
- Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw (The Register)
- Cisco patches security hole with top rating in Secure Workload (heise online)
- Max severity Cisco Secure Workload flaw gives Site Admin privileges (BleepingComputer)