Cisco released fixes for CVE-2026-20223, a critical 10.0 vulnerability in Cisco Secure Workload Cluster Software caused by insufficient validation and authentication in internal REST API endpoints. The flaw affects SaaS and on-prem deployments and can let remote attackers read sensitive information and modify configurations across tenant boundaries with Site Admin privileges. Patched versions are 3.10.8.3 and 4.0.3.17.
Why it matters: Organizations using Cisco Secure Workload face high-impact administrative compromise and cross-tenant exposure if unpatched. Defenders should prioritize updates because exploitation requires only a crafted API request and no in-the-wild activity is needed for urgency at this severity.
Sergiu Gatlan
2026.05.21
98% relevant
This article covers the same Cisco Secure Workload event: disclosure and patching of CVE-2026-20223, an unauthenticated flaw in internal REST APIs that can grant Site Admin privileges across tenant boundaries. It adds affected/fixed versions, notes there are no workarounds, and says Cisco has not seen in-the-wild exploitation.
Ionut Arghire
2026.05.21
100% relevant
This article establishes a distinct new story centered on Cisco's disclosure and patching of CVE-2026-20223 in Secure Workload; it does not match any existing tracked event.
2026.05.21
99% relevant
This article covers the same Cisco Secure Workload vulnerability disclosure and patch event for CVE-2026-20223, adding reporting detail on cross-tenant impact, affected fixed versions (3.10.8.3 and 4.0.3.17), lack of workarounds, and that Cisco SaaS deployments were already patched.
← Back to all stories