Summary
Cisco Secure Workload's internal REST APIs have insufficient access validation and authentication, allowing an unauthenticated remote attacker to reach site resources as a Site Admin. The flaw affects SaaS and on-prem cluster software and is triggered by sending a crafted API request to an affected internal endpoint; the web-based management interface is not affected. Successful exploitation can expose sensitive information and let the attacker make privileged configuration changes across tenant boundaries.
Why Fix Soon?
5/6Exploitation Details
Gain Site Admin privileges to read sensitive data and make privileged configuration changes across tenant boundaries.
Full System CompromiseAffected Software
| Product | Affected Versions |
|---|---|
| Cisco Secure Workload Cluster Software | SaaS deployments; 3.9 and earlier; 3.10 before 3.10.8.3; 4.0 before 4.0.3.17 |
Cisco Secure Workload is a workload security and segmentation platform used to monitor applications, enforce policy, and manage security across workloads in data centers and cloud environments.
Affected ComponentInternal REST API access validation and authentication logic.
Internal REST API access validation and authentication logic.
Not available
Not available
Upgrade Cisco Secure Workload Cluster Software to 3.10.8.3 or 4.0.3.17 as applicable; deployments on 3.9 and earlier must migrate to a fixed release. Cisco states the SaaS deployment has already been addressed.
Upgrade Cisco Secure Workload Cluster Software to 3.10.8.3 or 4.0.3.17 as applicable; deployments on 3.9 and earlier must migrate to a fixed release. Cisco states the SaaS deployment has already been addressed.
Probability of exploitation in the next 30 days
Worse than 14% of all CVEs
No known threat actors
No detection rules available
NVD Data
Description Summary
CVSS Base Score
CVSS Vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Sources
| Source | Article |
|---|---|
| www.cisco.com | Cisco Secure Workload Unauthorized API Access Vulnerability |
| nvd.nist.gov | CVE-2026-20223 Detail |
| www.cisco.com | Cisco Secure Workload User Guide SaaS, Release 4.0 - Secure Workload OpenAPIs |
| www.cisco.com | Cisco Secure Workload and Secure Firewall Management Center Integration Guide |
Priority History
Initial analysis