Fix Soon

CVE-2026-20223

Authentication Bypass → Remote Code Execution in Cisco Secure Workload
Loading...

Summary

Cisco Secure Workload's internal REST APIs have insufficient access validation and authentication, allowing an unauthenticated remote attacker to reach site resources as a Site Admin. The flaw affects SaaS and on-prem cluster software and is triggered by sending a crafted API request to an affected internal endpoint; the web-based management interface is not affected. Successful exploitation can expose sensitive information and let the attacker make privileged configuration changes across tenant boundaries.

Why Fix Soon?

5/6
No authentication required
Mixed internet / internal deployment
No user interaction needed
Exploitable in default configuration
No active exploitation or PoC
High impact vulnerability

Exploitation Details

Type
Authentication Bypass
Is exploitable with default configuration?
Yes
Is authentication needed?
No
PoC / Exploit
No
Impact

Gain Site Admin privileges to read sensitive data and make privileged configuration changes across tenant boundaries.

Full System Compromise
Exploitation Requirements

None — vulnerable in default configuration

Exploitation Process

An attacker sends a crafted request to an internal Cisco Secure Workload REST API endpoint without valid credentials. If the request is accepted, the platform treats the caller as a Site Admin, allowing the attacker to read sensitive information and perform privileged configuration changes across tenant boundaries.

Detection Resources
Manual Detection
0
Script Detection
0
Scanner Detection
0

Affected Software

Vendor:Cisco
ProductAffected Versions
Cisco Secure Workload Cluster SoftwareSaaS deployments; 3.9 and earlier; 3.10 before 3.10.8.3; 4.0 before 4.0.3.17
Description

Cisco Secure Workload is a workload security and segmentation platform used to monitor applications, enforce policy, and manage security across workloads in data centers and cloud environments.

Deployment:Mixed (internet/internal)
|
Protocol:HTTPS
|
Ports:443
Affected ComponentInternal REST API access validation and authentication logic.

Internal REST API access validation and authentication logic.

Enterprise UsageEstimated likelihood that this vendor/product is deployed in enterprise environments. AI-generated estimation based on market presence, product type and adoption signals — not exact data.
Very Low
Low
Medium
High
Very High
Vendor Size:Big
Remediation
Workaround

Not available

Patch

Not available

Update
Upgrade Cisco Secure Workload Cluster Software to 3.10.8.3 or 4.0.3.17 as applicable; deployments on 3.9 and earlier must migrate to a fixed release. Cisco states the SaaS deployment has already been addressed.

Upgrade Cisco Secure Workload Cluster Software to 3.10.8.3 or 4.0.3.17 as applicable; deployments on 3.9 and earlier must migrate to a fixed release. Cisco states the SaaS deployment has already been addressed.

www.cisco.com
Threat Intelligence
EPSS Score0.0%

Probability of exploitation in the next 30 days

EPSS Percentile14%

Worse than 14% of all CVEs

Last updated: Loading...
CISAKEV
CISA KEV
Not Listed
Active Exploitation
No Evidence
Threat Actors

No known threat actors

Detection Rules

No detection rules available

NVD Data

Published: Loading...Modified: Loading...

Description Summary

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user. 

CVSS Base Score

10.0
Critical

CVSS Vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Attack Vector (AV)
Physical
Local
Adjacent
Network
Attack Complexity (AC)
High
Low
Privileges Required (PR)
High
Low
None
User Interaction (UI)
Required
None
Scope (S)
Unchanged
Changed
Confidentiality (C)
None
Low
High
Integrity (I)
None
Low
High
Availability (A)
None
Low
High
CWE:CWE-306 Missing Authentication for Critical Function
||
Version From:
|
Version Upto: