Cisco: Critical Cisco Secure Workload Vulnerability Enables Unauthorized API Access

Critical Cisco Secure Workload Vulnerability Exposes Internal APIs to Unauthenticated Attacks

Cisco has disclosed a severe security flaw (CVE-2026-20223) in its Secure Workload platform that allows unauthenticated attackers to gain Site Admin-level privileges via improperly secured internal REST APIs. The vulnerability carries a CVSS score of 10.0 and stems from missing authentication and insufficient validation in API endpoints, which lets attackers send crafted requests without credentials.

Successful exploitation could grant full control over affected environments, including access to sensitive data, configuration modifications, and cross-tenant risks in shared deployments. The flaw impacts both SaaS and on-premises versions of Cisco Secure Workload Cluster Software, though it does not affect the web-based management interface.

Cisco has released patches for affected versions:

  • 3.10: Fixed in 3.10.8.3
  • 4.0: Fixed in 4.0.3.17
  • 3.9 and earlier: Require migration to a supported release

For SaaS deployments, Cisco has already applied fixes, requiring no customer action. While no active exploitation or public proof-of-concept has been reported, the critical severity and low attack complexity make this a high-priority risk for security teams.
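The fixed releases above can be turned into a quick inventory triage. The following is an added example, not code from Cisco or from the original article; the cluster names, the sample inventory and the `saas`/`on-prem` deployment labels are constructed assumptions, and release trains the article does not mention are reported as not listed rather than guessed.

```python
# Added example: triage clusters against the fixed builds listed in this article.
# First fixed build per release train, as stated above.
FIXED = {(3, 10): (3, 10, 8, 3), (4, 0): (4, 0, 3, 17)}
OLDEST_PATCHED_TRAIN = (3, 10)  # "3.9 and earlier" must migrate


def parse_version(text):
    """Turn '3.10.8.3' into (3, 10, 8, 3); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(version, length):
    """Right-pad with zeros so '3.10.8' compares as 3.10.8.0."""
    return version + (0,) * (length - len(version))


def triage(version, deployment="on-prem"):
    """Return (status, action) for one cluster."""
    if deployment == "saas":  # assumed label; SaaS was fixed by Cisco
        return ("fixed-by-vendor", "no customer action")
    v = parse_version(version)
    train = v[:2]
    if train in FIXED:
        fixed = FIXED[train]
        n = max(len(v), len(fixed))
        # Numeric comparison: 4.0.3.9 is older than 4.0.3.17.
        if _pad(v, n) >= _pad(fixed, n):
            return ("patched", "none")
        return ("vulnerable", "upgrade to " + ".".join(map(str, fixed)))
    if train < OLDEST_PATCHED_TRAIN:
        return ("unsupported", "migrate to a supported release")
    return ("not-listed", "check the Cisco advisory for this release train")


# Constructed inventory: (name, version, deployment). Not real systems.
INVENTORY = [("dc1-cluster", "3.10.8.2", "on-prem"), ("dc2-cluster", "4.0.3.17", "on-prem"),
             ("lab-cluster", "3.9.1.1", "on-prem"), ("tenant-a", "4.0.3.9", "saas")]


def report(inventory):
    """Map each cluster name to its (status, action) pair."""
    return {name: triage(ver, dep) for name, ver, dep in inventory}


if __name__ == "__main__":
    for name, (status, action) in report(INVENTORY).items():
        print(f"{name:12} {status:16} {action}")
```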

The vulnerability was discovered during internal security testing, underscoring the growing threat posed by unsecured internal APIs, which are often overlooked in traditional security assessments. Cisco’s advisory highlights the need for robust authentication and validation across all API layers as attackers increasingly target backend services.

Source: https://cybersecuritynews.com/cisco-secure-workload-vulnerability/

Cisco TPRM report: https://www.rankiteo.com/company/cisco

"id": "cis1779359208",
"linkid": "cisco",
"type": "Vulnerability",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Networking and Cybersecurity',
                        'name': 'Cisco',
                        'type': 'Technology Company'}],
 'attack_vector': 'Internal REST APIs',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive data'},
 'description': 'Cisco has disclosed a severe security flaw (CVE-2026-20223) '
                'in its Secure Workload platform, allowing unauthenticated '
                'attackers to gain Site Admin-level privileges via improperly '
                'secured internal REST APIs. The vulnerability stems from '
                'missing authentication and insufficient validation in API '
                'endpoints, enabling attackers to send crafted requests '
                'without credentials. Successful exploitation could grant full '
                'control over affected environments, including access to '
                'sensitive data, configuration modifications, and cross-tenant '
                'risks in shared deployments.',
 'impact': {'data_compromised': 'Sensitive data',
            'operational_impact': 'Full control over affected environments, '
                                  'configuration modifications, cross-tenant '
                                  'risks',
            'systems_affected': 'Cisco Secure Workload Cluster Software (SaaS '
                                'and on-premises)'},
 'lessons_learned': 'The vulnerability underscores the growing threat posed by '
                    'unsecured internal APIs, which are often overlooked in '
                    'traditional security assessments. Robust authentication '
                    'and validation are needed across all API layers.',
 'post_incident_analysis': {'corrective_actions': 'Patches applied to secure '
                                                  'API endpoints; migration '
                                                  'required for unsupported '
                                                  'versions',
                            'root_causes': 'Missing authentication and '
                                           'insufficient validation in '
                                           'internal REST APIs'},
 'recommendations': 'Apply patches immediately for affected versions '
                    '(3.10.8.3, 4.0.3.17). Migrate from unsupported versions '
                    '(3.9 and earlier). Monitor for unauthorized access to '
                    'internal APIs.',
 'references': [{'source': 'Cisco Advisory'}],
 'response': {'containment_measures': 'Patches released for affected versions',
              'remediation_measures': 'Fixed in versions 3.10.8.3, 4.0.3.17; '
                                      'migration required for versions 3.9 and '
                                      'earlier'},
 'title': 'Critical Cisco Secure Workload Vulnerability Exposes Internal APIs '
          'to Unauthenticated Attacks',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2026-20223'}