
Cisco Secure Workload REST API validation/authentication flaw (CVE-2026-20223)

Vulnerability
H score 49
2 unique sources, 2 articles

Summary


Cisco Secure Workload Cluster Software was patched for CVE-2026-20223, a critical REST API flaw that could let attackers gain Site Admin privileges and cross tenant boundaries to read sensitive data or change configurations. The issue affects SaaS and on-prem deployments and is fixed in 3.10.8.3 and 4.0.3.17. Cisco says it is not aware of exploitation in the wild.

Related Happenings

Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)

Vulnerability
First: 14.05.2026 23:09 Last: 14.05.2026 23:09 Sources 1

About this happening: **CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...

Latest development: 14.05.2026 23:25

Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.

Cisco Catalyst SD-WAN active exploitation wave

Exploitation Wave
First: 05.03.2026 14:15 Last: 05.03.2026 14:15 Sources 1

About this happening: **Cisco** confirmed **active exploitation** of **two recently patched Catalyst SD-WAN vulnerabilities**, creating immediate risk for exposed systems that have not been fully remed...

Cisco Secure Firewall ASA/FTD mitigation for CVE-2025-20333 and CVE-2025-20362

Advisory/Mitigation
First: 06.11.2025 16:58 Last: 06.11.2025 16:58 Sources 1

About this happening: **Cisco** urged customers to **apply updates** for **Cisco Secure Firewall ASA** and **FTD** devices susceptible to **CVE-2025-20333** and **CVE-2025-20362**, after a new attack v...

Cisco IOS XE BadCandy exploitation wave

Exploitation Wave
First: 31.10.2025 17:38 Last: 31.10.2025 17:38 Sources 1

About this happening: Ongoing **BadCandy** exploitation of **unpatched Cisco IOS XE devices** in **Australia** has left **over 150 devices** compromised and enabled repeat re-infection on previously al...

Cisco ASA and FTD active exploitation wave (CVE-2025-20333, CVE-2025-20362)

Exploitation Wave
First: 30.09.2025 19:58 Last: 30.09.2025 19:58 Sources 1

About this happening: **Cisco ASA and FTD** appliances are still under an **active exploitation wave** for **CVE-2025-20333** and **CVE-2025-20362**, with a new attack variant now causing **unexpected...

Timeline

  1. 21.05.2026 15:04 2 articles · 6d ago

    Cisco releases Secure Workload fixes for CVE-2026-20223

    Mitigation Patch Update

    Cisco released Secure Workload versions 3.10.8.3 and 4.0.3.17 to address CVE-2026-20223, a critical REST API flaw affecting Cisco Secure Workload Cluster Software on SaaS and on-prem deployments that could let an attacker using a crafted API request obtain Site Admin privileges, read sensitive information, and modify configurations across tenant boundaries.

  2. 21.05.2026 03:00 1 article · 6d ago

    Cisco discloses critical Secure Workload REST API flaw

    Initial Disclosure

    Cisco disclosed CVE-2026-20223 in Cisco Secure Workload Cluster Software, describing a critical REST API flaw caused by insufficient validation and authentication in internal endpoints; Cisco said a crafted API request could enable Site Admin privileges, cross-tenant access to sensitive information and configuration changes, and that it was not aware of exploitation in the wild.
