PT-2026-42193 · Cisco · Secure Workload
Published 2026-05-20 · Updated 2026-05-22
CVE-2026-20223
CVSS v3.1: 10 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Secure Workload versions prior to 3.10.8.3
Cisco Secure Workload versions prior to 4.0.3.17
Description
Insufficient validation and authentication in the internal REST API endpoints of Cisco Secure Workload allow an unauthenticated, remote attacker to gain Site Admin privileges. By sending crafted API requests to affected endpoints, an attacker can read sensitive information and make configuration changes across tenant boundaries. This issue affects both SaaS and on-prem deployments.
Recommendations
Update to version 3.10.8.3.
Update to version 4.0.3.17.
Fix
LPE
Missing Authentication
Affected Products
Secure Workload