Missing Authentication for Critical Function in Cisco Secure Workload - CVE-2026-20223
Published: May 21, 2026
Vulnerability identifier: #VU132083
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Red
CVE-ID: CVE-2026-20223
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Secure Workload
Cisco Secure Workload
Detailed vulnerability description
The vulnerability allows a remote attacker to access site resources, read sensitive information, and make configuration changes across tenant boundaries.
The vulnerability exists due to improper authentication in internal REST APIs when handling crafted API requests to affected endpoints. A remote attacker can send a crafted API request to access site resources, read sensitive information, and make configuration changes across tenant boundaries.
The issue affects internal REST APIs and does not affect the web-based management interface.
How to mitigate CVE-2026-20223
Install security update from vendor's website.