
Critical REST API validation flaw in Cisco Secure Workload (CVE-2026-20223) patched

1 unique source, 1 article

Summary


Cisco patched CVE-2026-20223, a critical vulnerability in Secure Workload with a CVSS score of 10.0, enabling attackers to access site resources with Site Admin privileges by sending crafted API requests to internal REST endpoints. The flaw stems from insufficient input validation and authentication in the REST API. Successful exploitation permits reading sensitive data and modifying configurations across tenant boundaries. The issue affects both SaaS and on-prem deployments of Secure Workload Cluster Software and is limited to internal REST APIs, not the web-based management interface. No exploitation in the wild has been reported.

Timeline

  1. 21.05.2026 15:04 · 1 article

    Critical REST API flaw (CVE-2026-20223) in Cisco Secure Workload patched

    Cisco released patches for CVE-2026-20223, a critical vulnerability in Secure Workload’s internal REST API that enables privilege escalation to Site Admin via crafted requests. The flaw, affecting both SaaS and on-prem deployments, was addressed in versions 3.10.8.3 and 4.0.3.17. Cisco notes no active exploitation but urges users to apply updates promptly to mitigate potential risks.


Information Snippets

  • CVE-2026-20223 is a critical vulnerability in Cisco Secure Workload with a CVSS score of 10.0, allowing attackers with access to internal REST API endpoints to escalate privileges to Site Admin.

    First reported: 21.05.2026 15:04
    1 source, 1 article
  • The flaw stems from insufficient validation and authentication in Secure Workload’s REST API endpoints, which crafted API requests can exploit.

    First reported: 21.05.2026 15:04
    1 source, 1 article
  • Exploitation allows attackers to read sensitive information and modify configurations across tenant boundaries, impacting both SaaS and on-prem deployments regardless of device configuration.

    First reported: 21.05.2026 15:04
    1 source, 1 article
  • The vulnerability affects only internal REST APIs and does not impact the web-based management interface of Secure Workload.

    First reported: 21.05.2026 15:04
    1 source, 1 article
  • Cisco Secure Workload versions 3.10.8.3 and 4.0.3.17 include patches addressing CVE-2026-20223.

    First reported: 21.05.2026 15:04
    1 source, 1 article
  • Cisco has not observed active exploitation of CVE-2026-20223 in the wild but recommends immediate updates to mitigate potential future exposure.

    First reported: 21.05.2026 15:04
    1 source, 1 article
  • Cisco also released patches for three medium-severity vulnerabilities affecting ThousandEyes Virtual Appliance, ThousandEyes Enterprise Agent, and Nexus 3000/9000 series switches, including remote command execution and BGP-induced DoS risks.

    First reported: 21.05.2026 15:04
    1 source, 1 article