CVE-2026-20223
Awaiting Analysis Awaiting Analysis - Queue
Unauthenticated REST API Access in Cisco Secure Workload

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user. 
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-10
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-08
NVD
CVE-2026-20223
EUVD
EUVD-2026-31131
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
cisco secure_workload to 3.10.8.3 (exc)
cisco secure_workload to 4.0.3.17 (exc)
cisco secure_workload 3.9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-20223 is a critical vulnerability in Cisco Secure Workload that allows unauthenticated, remote attackers to access internal REST APIs with Site Admin privileges due to insufficient validation and authentication.

An attacker can exploit this vulnerability by sending a specially crafted API request to an affected endpoint, which could allow them to read sensitive information and make configuration changes across tenant boundaries.

This affects both SaaS and on-premises deployments of Cisco Secure Workload Cluster Software, including certain versions prior to fixed releases.

Impact Analysis

This vulnerability can have severe impacts as it allows an unauthenticated remote attacker to gain Site Admin privileges.

  • The attacker could read sensitive data across tenant boundaries.
  • The attacker could make unauthorized configuration changes.

Such unauthorized access and control could compromise the confidentiality, integrity, and availability of your systems and data.

Mitigation Strategies

To mitigate this vulnerability, customers should upgrade Cisco Secure Workload to the fixed software versions released by Cisco.

  • Upgrade to versions later than 3.10.8.3 if using 3.10.
  • Upgrade to versions later than 4.0.3.17 if using 4.0.
  • For SaaS deployments, no user action is required as remediation has already been applied.

There are no available workarounds, so applying the updates is the only effective mitigation.

Compliance Impact

This vulnerability allows unauthenticated, remote attackers to access sensitive information and make configuration changes with Site Admin privileges, which could lead to unauthorized data exposure and modification.

Such unauthorized access and potential data breaches could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on data confidentiality, integrity, and access.

Organizations using affected versions of Cisco Secure Workload should apply the fixed software updates promptly to mitigate risks and maintain compliance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20223. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart