Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
The Hacker NewsArchived May 22, 2026✓ Full text saved
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints. "An attacker could exploit this vulnerability if they are able to send
Full text archived locally
✦ AI Summary· Claude Sonnet
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Ravie LakshmananMay 22, 2026Vulnerability / Network Security
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data.
Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints.
"An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint," Cisco said. "A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user."
The shortcoming impacts Cisco Secure Workload Cluster Software on SaaS and on-prem deployments, regardless of device configuration. Cisco said there are no workarounds that address the vulnerability.
The issue has been addressed in the following versions -
Cisco Secure Workload Release 3.9 and earlier (Migrate to a fixed release)
Cisco Secure Workload Release 3.10 (Fixed in 3.10.8.3)
Cisco Secure Workload Release 4.0 (Fixed in 4.0.3.17)
The networking equipment major said it found the vulnerability during internal security testing and that there is no evidence of it being exploited in the wild.
The disclosure comes a week after Cisco revealed that another maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller (CVE-2026-20182, CVSS score: 10.0) has been exploited by a threat actor known as UAT-8616 to gain unauthorized access to SD-WAN systems.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
SHARE
Tweet
Share
Share
SHARE
Apex One, CISA, cisco, cybersecurity, Langflow, Trend Micro, Vulnerability
⚡ Top Stories This Week
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI and More Packages
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Load More ▼
⭐ Featured Resources
[Webinar] Learn How to Handle Critical SOC Alerts With AI Support
Identify Internal Attack Surfaces More Efficiently With a Free Assessment
[Guide] Stop Email Fraud Before It Turns Into Ransomware Damage
[eBook] Get the 3-Number SOC Diagnostic to Reduce Queue Risk