Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload

Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests.

Cisco released patches for a critical vulnerability, tracked as CVE-2026-20223 (CVSS score of 10.0), in Secure Workload. The flaw stems from insufficient validation and authentication in REST API endpoints. According to Cisco, remote attackers could exploit the flaw by sending crafted API requests and potentially gain Site Admin privileges with access to site resources.

“A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role,” reads the advisory.

“This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.”

Cisco said the Secure Workload flaw affects both SaaS and on-prem Cluster Software deployments, but only impacts internal REST APIs, not the web management interface. The issue was addressed in versions 3.10.8.3 and 4.0.3.17.

The Cisco Product Security Incident Response Team (PSIRT) has not seen active exploitation, but urges customers to update systems to reduce the risk of future attacks.

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2026-20223)
