Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch Release
Summary
Hide ▲
Show ▼
Cisco patched CVE-2026-20223, a CVSS 10.0 Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The update covers Cisco Secure Workload Cluster Software on SaaS and on-prem deployments. Customers on Release 3.10 and Release 4.0 must move to 3.10.8.3 or 4.0.3.17, while 3.9 and earlier require migration to a fixed release because no workaround exists.
Related Happenings
Cisco security patch release for CVE-2026-20245
Security Patch Release
H score38
First: 25.06.2026 00:29
Last: 25.06.2026 00:29
Sources 1
About this happening:
Cisco released **security updates** for **Cisco Catalyst SD-WAN** after **CVE-2026-20245** was linked to root-level command execution, and customers were told to move to fixed sof...
Cisco security patch release for CVE-2026-20245
Security Patch ReleaseAbout this happening: Cisco released **security updates** for **Cisco Catalyst SD-WAN** after **CVE-2026-20245** was linked to root-level command execution, and customers were told to move to fixed sof...
Squid web proxy patch for CVE-2026-47729
Security Patch Release
H score20
First: 22.06.2026 17:29
Last: 22.06.2026 17:29
Sources 1
About this happening:
**Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...
Squid web proxy patch for CVE-2026-47729
Security Patch ReleaseAbout this happening: **Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...
SimpleHelp security update for CVE-2026-48558
Security Patch Release
H score65
First: 15.06.2026 23:06
Last: 15.06.2026 23:06
Sources 1
About this happening:
**SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
SimpleHelp security update for CVE-2026-48558
Security Patch ReleaseAbout this happening: **SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
Cisco security patch release for CVE-2026-20262
Security Patch Release
H score47
First: 15.06.2026 20:12
Last: 15.06.2026 20:12
Sources 1
About this happening:
**Cisco** released **security updates** for **CVE-2026-20262** in **Catalyst SD-WAN Manager**, covering multiple release trains after the zero-day was exploited to reach **root pr...
Cisco security patch release for CVE-2026-20262
Security Patch ReleaseAbout this happening: **Cisco** released **security updates** for **CVE-2026-20262** in **Catalyst SD-WAN Manager**, covering multiple release trains after the zero-day was exploited to reach **root pr...
LiteLLM endpoint-hardening patch release (CVE-2026-42271)
Security Patch Release
H score59
First: 09.06.2026 09:26
Last: 09.06.2026 09:26
Sources 1
About this happening:
BerriAI released **LiteLLM 1.83.7**, hardening access to the vulnerable **MCP test endpoints** that accepted full server configurations. The update now requires the **PROXY_ADMIN*...
LiteLLM endpoint-hardening patch release (CVE-2026-42271)
Security Patch ReleaseAbout this happening: BerriAI released **LiteLLM 1.83.7**, hardening access to the vulnerable **MCP test endpoints** that accepted full server configurations. The update now requires the **PROXY_ADMIN*...
Timeline
-
22.05.2026 08:36 2 articles · 1mo ago
Cisco releases Secure Workload fixes for CVE-2026-20223
Mitigation Patch UpdateCisco rolled out updates for CVE-2026-20223, a CVSS score: 10.0 REST API vulnerability in Cisco Secure Workload Cluster Software on SaaS and on-prem deployments that could let an unauthenticated, remote attacker send a crafted API request, read sensitive information, and make configuration changes across tenant boundaries with the privileges of the Site Admin user. Cisco said Cisco Secure Workload Release 3.10 is fixed in 3.10.8.3, Cisco Secure Workload Release 4.0 is fixed in 4.0.3.17, and Cisco Secure Workload Release 3.9 and earlier must migrate to a fixed release because no workaround exists.
Show sources
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access — thehackernews.com — 22.05.2026 08:36
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access — thehackernews.com — 22.05.2026 08:36
-
22.05.2026 08:36 1 articles · 1mo ago
Cisco discloses CVE-2026-20223 details
Initial DisclosureCisco disclosed CVE-2026-20223, a maximum-severity flaw in Secure Workload that arises from insufficient validation and authentication when accessing REST API endpoints. Cisco said the vulnerability could be exploited by sending a crafted API request to an affected endpoint, that it found the issue during internal security testing, and that there is no evidence of it being exploited in the wild.
Show sources
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access — thehackernews.com — 22.05.2026 08:36