Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Cisco has released fixes for CVE-2026-20223, a maximum-severity flaw in Secure Workload that could let an unauthenticated remote attacker access sensitive data and alter configurations across tenant boundaries. The disclosure follows Cisco’s report of another critical authentication bypass in Catalyst SD-WAN Controller, which was exploited by UAT-8616. #CiscoSecureWorkload #CVE-2026-20223 #CatalystSDWANController #CVE-2026-20182 #UAT-8616

Key Points

  • Cisco fixed CVE-2026-20223, a maximum-severity flaw in Secure Workload.
  • The bug could allow unauthenticated remote access to sensitive data.
  • Successful exploitation could also enable configuration changes across tenant boundaries.
  • The issue affects Cisco Secure Workload Cluster Software on SaaS and on-prem deployments.
  • Cisco found the flaw during internal testing and says there is no evidence of active exploitation.

Read More: https://thehackernews.com/2026/05/cisco-patches-cvss-100-secure-workload.html