PT-2026-42193 · Cisco · Secure Workload
Published
2026-05-20
·
Updated
2026-06-30
·
CVE-2026-20223
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Secure Workload versions prior to 3.10.8.3
Cisco Secure Workload versions prior to 4.0.3.17
Description
Insufficient validation and authentication in the internal REST API endpoints of Cisco Secure Workload allow an unauthenticated, remote attacker to access site resources with Site Admin privileges. By sending a crafted API request to an affected endpoint, an attacker can read sensitive information, such as workload telemetry and segmentation policies, and make configuration changes across tenant boundaries. This issue affects both SaaS and on-premises deployments.
Recommendations
For versions 3.10, update to 3.10.8.3.
For versions 4.0, update to 4.0.3.17.
For versions 3.9 and earlier, migrate to a current secure release.
Exploit
Fix
LPE
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Secure Workload