Cisco Secure Workload vulnerability can be exploited via API call

Cisco warns of a critical vulnerability in Secure Workload that grants attackers full Site Admin privileges without authentication. The bug scores a maximum of 10.0 on the CVSS scale and affects both SaaS and on-premises environments. No workarounds are available.

The vulnerability, registered as CVE-2026-20223, resides in the internal REST API endpoints of Cisco Secure Workload Cluster Software. The issue arises from insufficient validation and authentication checks. Attackers do not need to use login credentials and can gain access to the system using specially crafted API calls.

Successful attacks allow attackers to read sensitive information and make configuration changes across tenant boundaries. This occurs with the privileges of the Site Admin user, according to Cisco’s security advisory.

Cross-tenant risks

The bug affects internal REST APIs rather than the web management interface. For administrators, that distinction offers little comfort, as The Register reports. The article rightly notes that cross-tenant vulnerabilities are particularly concerning because they undermine the assumption that tenants could never inherit each other’s compromises.

Cisco emphasizes that no workarounds currently exist. Customers must install releases containing the fix to fully resolve the issue. Version 3.10.8.3 resolves the issue for Secure Workload 3.10, while 4.0.3.17 contains the fix for version 4.0. Users of 3.9 or older must migrate to a supported version.
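The release guidance above is easy to get wrong by hand, because "3.10" sorts after "3.9" numerically but before it as a string. The following triage helper is an added example, not code from Cisco or from the article: it maps an installed Secure Workload version to the fixed release for its train using only the version numbers quoted above. The dotted-numeric version format and the `assess` function name are assumptions; release trains newer than 4.0 are not mentioned on the page, so they are reported as unknown rather than guessed.

```python
"""Triage helper for CVE-2026-20223: is an installed Cisco Secure Workload
release at or above the fixed release named in the advisory summary above?

Added example, not vendor code. Assumes versions are dotted numeric strings."""
from typing import Dict, Tuple

# Fixed releases per release train, exactly as stated in the text above.
FIXED_RELEASES: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (3, 10): (3, 10, 8, 3),
    (4, 0): (4, 0, 3, 17),
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.10.8.3' into (3, 10, 8, 3) so comparisons are numeric.

    String comparison would rank '3.9' above '3.10'; tuple comparison
    gets it right."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """Classify an installed version against the advisory guidance.

    'fixed'   : at or above the fixed release of its train
    'upgrade' : on a train with a fix (3.10 or 4.0) but below the fixed release
    'migrate' : on 3.9 or older, which receives no fix
    'unknown' : a train the page does not cover (e.g. anything newer than 4.0)
    """
    parsed = parse_version(version)
    train = parsed[:2]
    if train in FIXED_RELEASES:
        fixed = FIXED_RELEASES[train]
        # Pad short versions so '3.10.8' compares as 3.10.8.0, not as a prefix.
        padded = parsed + (0,) * (len(fixed) - len(parsed))
        return "fixed" if padded >= fixed else "upgrade"
    if train < (3, 10):
        return "migrate"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("wl-a", "3.10.8.3"), ("wl-b", "4.0.3.16"), ("wl-c", "3.9.1.4")]:
        print(f"{host:6} {ver:10} -> {assess(ver)}")
```

Feed it the version string from each cluster's inventory; anything other than `fixed` needs action, and `unknown` means the page gives no guidance for that train and the advisory itself must be consulted.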

Internal discovery, no active exploitation

There is a glimmer of hope that exploitation is, and remains, theoretical. Cisco reports that the vulnerability was discovered during internal testing, and there are no indications of active exploitation. Nevertheless, bugs with a 10.0 severity score that require no authentication rarely remain undiscovered by attackers for long. Cisco’s cloud-based SaaS deployments have since been patched and require no action from customers.

The disclosure comes less than a week after Cisco reported another critical vulnerability, in its SD-WAN systems, that allowed attackers to grant themselves admin privileges. It adds to an increasingly long list of high-severity Cisco vulnerabilities over the past year. Cisco is far from the only company seeing a sharp increase in such reports, and that need not be bad news: it may simply be that more vulnerabilities are being discovered than ever before, measured as a share of the total number of cyber threats.