Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cisco Secure Workload REST API validation/authentication flaw (CVE-2026-20223)

Vulnerability
First reported
Last updated
Happening score
H score 49
2 unique sources, 2 articles

Summary

Hide ▲

Cisco Secure Workload Cluster Software was patched for CVE-2026-20223, a critical REST API flaw that could let attackers gain Site Admin privileges and cross tenant boundaries to read sensitive data or change configurations. The issue affects SaaS and on-prem deployments and is fixed in 3.10.8.3 and 4.0.3.17. Cisco says it is not aware of exploitation in the wild.

Related Happenings

Cisco Catalyst SD-WAN Manager actively exploited file upload overwrite flaw (CVE-2026-20262)

Vulnerability
H score24 First: 15.06.2026 20:12 Last: 15.06.2026 20:12 Sources 1

About this happening: **Cisco Catalyst SD-WAN Manager** was patched for **CVE-2026-20262** after attackers used it to **create or overwrite files** and **escalate to root** across **all deployment type...

Cisco Catalyst SD-WAN Manager root privilege escalation flaw (CVE-2026-20245)

Vulnerability
H score60 First: 05.06.2026 09:24 Last: 05.06.2026 09:24 Sources 1

About this happening: **CVE-2026-20245** in **Cisco Catalyst SD-WAN Manager** is an **actively exploited** **high-severity** vulnerability that can let an **authenticated local attacker** with **netadm...

Latest development: 06.06.2026 07:19

Cisco warned that CVE-2026-20245 in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, is under active exploitation and can let an authenticated local attacker with netadmin privileges upload a crafted file to execute arbitrary commands as root. Cisco said the flaw affects On-Prem Deployment, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP), that limited exploitation has already resulted in configuration changes pushed to edge devices, and that no patches or mitigations are currently available. Cisco also advised checking /var/log/scripts.log for indicators of compromise and credited Google Mandiant researchers Chester Sng, Pete Boonyakarn, and Logeswaran Nadarajan with discovering and reporting the issue.

Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)

Vulnerability
H score60 First: 14.05.2026 23:09 Last: 14.05.2026 23:09 Sources 1

About this happening: **CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...

Latest development: 14.05.2026 23:25

Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.

Cisco Catalyst SD-WAN active exploitation wave

Exploitation Wave
H score57 First: 05.03.2026 14:15 Last: 05.03.2026 14:15 Sources 1

About this happening: **Cisco** confirmed **active exploitation** of **two recently patched Catalyst SD-WAN vulnerabilities**, creating immediate risk for exposed systems that have not been fully remed...

Cisco Secure Firewall ASA/FTD mitigation for CVE-2025-20333 and CVE-2025-20362

Advisory/Mitigation
H score53 First: 06.11.2025 16:58 Last: 06.11.2025 16:58 Sources 1

About this happening: **Cisco** urged customers to **apply updates** for **Cisco Secure Firewall ASA** and **FTD** devices susceptible to **CVE-2025-20333** and **CVE-2025-20362**, after a new attack v...

Timeline

  1. 21.05.2026 15:04 2 articles · 1mo ago

    Cisco releases Secure Workload fixes for CVE-2026-20223

    Mitigation Patch Update

    Cisco released Secure Workload versions 3.10.8.3 and 4.0.3.17 to address CVE-2026-20223, a critical REST API flaw affecting Cisco Secure Workload Cluster Software on SaaS and on-prem deployments that could let an attacker using a crafted API request obtain Site Admin privileges, read sensitive information, and modify configurations across tenant boundaries.

    Show sources
  2. 21.05.2026 03:00 1 articles · 1mo ago

    Cisco discloses critical Secure Workload REST API flaw

    Initial Disclosure

    Cisco disclosed CVE-2026-20223 in Cisco Secure Workload Cluster Software, describing a critical REST API flaw caused by insufficient validation and authentication in internal endpoints; Cisco said a crafted API request could enable Site Admin privileges, cross-tenant access to sensitive information and configuration changes, and that it was not aware of exploitation in the wild.

    Show sources