Cisco released fixes for a critical flaw in Secure Workload, tracked as CVE-2026-20223, that could let attackers gain Site Admin privileges and access or alter tenant resources through crafted REST API requests. The company also patched three medium-severity bugs in ThousandEyes and Nexus switches that could enable remote command execution or trigger BGP peer flaps causing denial of service. #CVE-2026-20223 #CiscoSecureWorkload #ThousandEyes #Nexus3000 #Nexus9000
Keypoints
- Cisco fixed a critical vulnerability in Secure Workload.
- CVE-2026-20223 has a CVSS score of 10.0.
- The flaw stems from insufficient validation and authentication in REST API endpoints.
- Successful exploitation could expose sensitive data and modify configurations across tenant boundaries.
- Cisco also patched three medium-severity bugs affecting ThousandEyes and Nexus switches.
Read More: https://www.securityweek.com/cisco-patches-critical-vulnerability-in-secure-workload/