
Max severity Cisco Secure Workload flaw gives Site Admin privileges

Why This Matters

The discovery of a maximum-severity vulnerability in Cisco Secure Workload underscores the critical importance of timely security updates in protecting enterprise infrastructure. As attackers continuously seek to exploit such flaws, rapid patching helps safeguard sensitive data and maintain trust in network security solutions for both businesses and consumers.

Key Takeaways

Cisco has released security updates to address a maximum-severity Secure Workload vulnerability that allows attackers to gain Site Admin privileges.

Formerly known as Cisco Tetration, Cisco Secure Workload helps admins reduce their network's attack surface through zero trust microsegmentation and stop lateral movement to keep business applications safe.

Tracked as CVE-2026-20223, the security flaw was found in Secure Workload's internal REST APIs, and it enables unauthenticated attackers to access resources with the privileges of the Site Admin role.

"This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint," Cisco explained in a Wednesday advisory.

"A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user."

Cisco says there are no workarounds for this security flaw. The company has released software updates to patch it for on-premises customers and has already addressed it in the cloud-based Cisco Secure Workload SaaS deployment.

Cisco Secure Workload Release    First Fixed Release
3.9 and earlier                  Migrate to a fixed release.
3.10                             3.10.8.3
4.0                              4.0.3.17
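A patch-level triage against the fixed-release table above, as an added example that is not from Cisco or the original article. It compares versions numerically per release train; the cluster names and inventory versions are constructed, and the plain dotted-integer version format is an assumption.

```python
# Added example: classify Secure Workload versions against the fixed releases.
# First fixed release per train, copied from the table in this article.
FIRST_FIXED = {(3, 10): (3, 10, 8, 3), (4, 0): (4, 0, 3, 17)}


def parse_version(text):
    """Turn '3.10.8.3' into (3, 10, 8, 3); reject anything non-numeric."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Return 'fixed', 'vulnerable', 'migrate' or 'not-listed'."""
    version = parse_version(version_text)
    train = version[:2]
    # Compare as integers: as strings, '3.10' would sort before '3.9'.
    if train <= (3, 9):
        return "migrate"        # 3.9 and earlier: move to a fixed release
    fixed = FIRST_FIXED.get(train)
    if fixed is None:
        return "not-listed"     # train is not in the article's table
    return "fixed" if version >= fixed else "vulnerable"


def triage(inventory):
    """Map each cluster name to a status; bad version strings are 'unknown'."""
    report = {}
    for name, version_text in inventory.items():
        try:
            report[name] = classify(version_text)
        except ValueError:
            report[name] = "unknown"
    return report


# Constructed sample inventory (names and versions are made up).
SAMPLE = {
    "dc1": "3.10.8.3",
    "dc2": "3.10.8.2",
    "lab": "3.9.1.1",
    "dr": "4.0.3.9",
    "new": "4.0.3.17",
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name:6} {SAMPLE[name]:12} {status}")
```

Anything reported as `unknown` or `not-listed` needs a manual check against Cisco's advisory rather than being assumed safe.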

The company also added that its Product Security Incident Response Team (PSIRT) had found no evidence of the vulnerability being exploited in the wild before publishing this week's advisory.

Earlier this month, Cisco warned that another maximum severity authentication bypass vulnerability (CVE-2026-20182) affecting its Catalyst SD-WAN software-based networking platform was being actively exploited as a zero-day, allowing attackers to gain admin privileges.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2026-20182 flaw to its Known Exploited Vulnerabilities Catalog on May 14 and ordered federal agencies to secure affected devices within three days, by May 17.
