Cisco patches CVSS 10.0 Secure Workload API bug

Cisco patched a CVSS 10.0 flaw in Secure Workload’s REST API that could let unauthenticated attackers read tenant data and change configurations with Site Admin privileges.

Cisco has released patches for a maximum-severity vulnerability in Secure Workload that could allow unauthenticated remote attackers to access tenant data and make configuration changes with Site Admin privileges. The flaw is tracked as CVE-2026-20223 and carries a CVSS score of 10.0. It affects Cisco Secure Workload Cluster Software on both SaaS and on-premises deployments.

Cisco traced the issue to insufficient validation and authentication on REST API endpoints. An attacker able to send a crafted API request to an affected endpoint could read sensitive information and alter settings across tenant boundaries. In an advisory, Cisco wrote: “An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.” The advisory notes the vulnerability applies regardless of device configuration.

Fixes are available for supported releases. Customers running Secure Workload Release 3.10 should update to 3.10.8.3, and those on Release 4.0 should move to 4.0.3.17. Installations on Release 3.9 and earlier must migrate to a fixed release. Cisco reported there are no workarounds that mitigate the vulnerability and recommends applying the updates as soon as possible.

Cisco discovered the flaw during internal security testing and reported no evidence of exploitation in the wild. The advisory was published a week after Cisco confirmed that a separate maximum-severity authentication bypass in Catalyst SD-WAN Controller, CVE-2026-20182, had been exploited by a threat actor tracked as UAT-8616 to gain unauthorized access to SD-WAN systems.

Operators should verify their Secure Workload version and schedule upgrades to the patched releases. Administrators are advised to review access logs and administrative activity for unusual requests, follow the guidance in Cisco advisories, and coordinate with security teams to contain any incidents.
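As an added example (not from Cisco or the original article), the version check above can be scripted against an inventory export. The hostnames and installed versions are constructed, and the script assumes versions are recorded in the dotted form the article uses; anything else is flagged for manual review.

```python
import re

# First fixed release per train, as stated in the article.
FIXED = {(3, 10): (3, 10, 8, 3), (4, 0): (4, 0, 3, 17)}

# Constructed inventory for illustration only (hypothetical hosts/versions).
INVENTORY = {
    "sw-cluster-a": "3.10.8.3",
    "sw-cluster-b": "3.10.8.2",
    "sw-cluster-c": "4.0.3.9",
    "sw-cluster-d": "3.9.1.1",
    "sw-cluster-e": "unknown-build",
}


def parse(version):
    """Turn '3.10.8.3' into (3, 10, 8, 3); reject anything else."""
    text = version.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)+", text):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in text.split("."))


def triage(version):
    """Classify one version string against the article's fixed releases."""
    try:
        v = parse(version)
    except ValueError:
        return "unknown: check manually"
    train = v[:2]
    if train in FIXED:
        fixed = FIXED[train]
        # Tuples compare numerically, so 4.0.3.9 < 4.0.3.17 as intended.
        if v >= fixed:
            return "patched"
        return "upgrade to " + ".".join(map(str, fixed))
    # (3, 9) < (3, 10) here, whereas the strings '3.9' and '3.10'
    # sort the other way round and would hide unsupported releases.
    if train < (3, 10):
        return "migrate to a fixed release"
    return "unknown: train not covered by the article"


def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:14} {INVENTORY[host]:14} {status}")
```

Release trains the article does not mention are reported as unknown instead of being assumed safe; confirm those against the Cisco advisory.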
