PT-2026-42193 · Cisco · Secure Workload

Published

2026-05-20

·

Updated

2026-06-30

·

CVE-2026-20223

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Cisco Secure Workload versions prior to 3.10.8.3 Cisco Secure Workload versions prior to 4.0.3.17
Description Insufficient validation and authentication in the internal REST API endpoints of Cisco Secure Workload allow an unauthenticated, remote attacker to access site resources with Site Admin privileges. By sending a crafted API request to an affected endpoint, an attacker can read sensitive information, such as workload telemetry and segmentation policies, and make configuration changes across tenant boundaries. This issue affects both SaaS and on-premises deployments.
Recommendations For versions 3.10, update to 3.10.8.3. For versions 4.0, update to 4.0.3.17. For versions 3.9 and earlier, migrate to a current secure release.

Exploit

Fix

LPE

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07274
CVE-2026-20223

Affected Products

Secure Workload