Cisco Secure Workload REST API validation/authentication flaw (CVE-2026-20223)
Vulnerability
Summary
Hide ▲
Show ▼
Cisco Secure Workload Cluster Software was patched for CVE-2026-20223, a critical REST API flaw that could let attackers gain Site Admin privileges and cross tenant boundaries to read sensitive data or change configurations. The issue affects SaaS and on-prem deployments and is fixed in 3.10.8.3 and 4.0.3.17. Cisco says it is not aware of exploitation in the wild.
Related Happenings
Cisco Catalyst SD-WAN Manager actively exploited file upload overwrite flaw (CVE-2026-20262)
Vulnerability
H score24
First: 15.06.2026 20:12
Last: 15.06.2026 20:12
Sources 1
About this happening:
**Cisco Catalyst SD-WAN Manager** was patched for **CVE-2026-20262** after attackers used it to **create or overwrite files** and **escalate to root** across **all deployment type...
Cisco Catalyst SD-WAN Manager actively exploited file upload overwrite flaw (CVE-2026-20262)
VulnerabilityAbout this happening: **Cisco Catalyst SD-WAN Manager** was patched for **CVE-2026-20262** after attackers used it to **create or overwrite files** and **escalate to root** across **all deployment type...
Cisco Catalyst SD-WAN Manager root privilege escalation flaw (CVE-2026-20245)
Vulnerability
H score60
First: 05.06.2026 09:24
Last: 05.06.2026 09:24
Sources 1
About this happening:
**CVE-2026-20245** in **Cisco Catalyst SD-WAN Manager** is an **actively exploited** **high-severity** vulnerability that can let an **authenticated local attacker** with **netadm...
Cisco Catalyst SD-WAN Manager root privilege escalation flaw (CVE-2026-20245)
VulnerabilityAbout this happening: **CVE-2026-20245** in **Cisco Catalyst SD-WAN Manager** is an **actively exploited** **high-severity** vulnerability that can let an **authenticated local attacker** with **netadm...
Latest development: 06.06.2026 07:19
Cisco warned that CVE-2026-20245 in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, is under active exploitation and can let an authenticated local attacker with netadmin privileges upload a crafted file to execute arbitrary commands as root. Cisco said the flaw affects On-Prem Deployment, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP), that limited exploitation has already resulted in configuration changes pushed to edge devices, and that no patches or mitigations are currently available. Cisco also advised checking /var/log/scripts.log for indicators of compromise and credited Google Mandiant researchers Chester Sng, Pete Boonyakarn, and Logeswaran Nadarajan with discovering and reporting the issue.
Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)
Vulnerability
H score60
First: 14.05.2026 23:09
Last: 14.05.2026 23:09
Sources 1
About this happening:
**CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...
Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)
VulnerabilityAbout this happening: **CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...
Latest development: 14.05.2026 23:25
Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.
Cisco Catalyst SD-WAN active exploitation wave
Exploitation Wave
H score57
First: 05.03.2026 14:15
Last: 05.03.2026 14:15
Sources 1
About this happening:
**Cisco** confirmed **active exploitation** of **two recently patched Catalyst SD-WAN vulnerabilities**, creating immediate risk for exposed systems that have not been fully remed...
Cisco Catalyst SD-WAN active exploitation wave
Exploitation WaveAbout this happening: **Cisco** confirmed **active exploitation** of **two recently patched Catalyst SD-WAN vulnerabilities**, creating immediate risk for exposed systems that have not been fully remed...
Cisco Secure Firewall ASA/FTD mitigation for CVE-2025-20333 and CVE-2025-20362
Advisory/Mitigation
H score53
First: 06.11.2025 16:58
Last: 06.11.2025 16:58
Sources 1
About this happening:
**Cisco** urged customers to **apply updates** for **Cisco Secure Firewall ASA** and **FTD** devices susceptible to **CVE-2025-20333** and **CVE-2025-20362**, after a new attack v...
Cisco Secure Firewall ASA/FTD mitigation for CVE-2025-20333 and CVE-2025-20362
Advisory/MitigationAbout this happening: **Cisco** urged customers to **apply updates** for **Cisco Secure Firewall ASA** and **FTD** devices susceptible to **CVE-2025-20333** and **CVE-2025-20362**, after a new attack v...
Timeline
-
21.05.2026 15:04 2 articles · 1mo ago
Cisco releases Secure Workload fixes for CVE-2026-20223
Mitigation Patch UpdateCisco released Secure Workload versions 3.10.8.3 and 4.0.3.17 to address CVE-2026-20223, a critical REST API flaw affecting Cisco Secure Workload Cluster Software on SaaS and on-prem deployments that could let an attacker using a crafted API request obtain Site Admin privileges, read sensitive information, and modify configurations across tenant boundaries.
Show sources
- Cisco Patches Critical Vulnerability in Secure Workload — www.securityweek.com — 21.05.2026 15:04
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access — thehackernews.com — 22.05.2026 08:36
-
21.05.2026 03:00 1 articles · 1mo ago
Cisco discloses critical Secure Workload REST API flaw
Initial DisclosureCisco disclosed CVE-2026-20223 in Cisco Secure Workload Cluster Software, describing a critical REST API flaw caused by insufficient validation and authentication in internal endpoints; Cisco said a crafted API request could enable Site Admin privileges, cross-tenant access to sensitive information and configuration changes, and that it was not aware of exploitation in the wild.
Show sources
- Cisco Patches Critical Vulnerability in Secure Workload — www.securityweek.com — 21.05.2026 15:04