Cisco has released fixes for CVE-2026-20223, a maximum-severity Secure Workload flaw that could let unauthenticated attackers obtain Site Admin privileges through crafted REST API requests. The issue can expose sensitive data and allow configuration changes across tenant boundaries, while Cisco says no workarounds exist and there is no evidence of in-the-wild exploitation so far.
Key points
- Cisco patched a maximum-severity flaw in Secure Workload.
- The bug is tracked as CVE-2026-20223.
- Attackers could gain Site Admin privileges through internal REST APIs.
- The flaw could expose sensitive information and enable cross-tenant configuration changes.
- Cisco released updates for on-premises customers and fixed the issue in SaaS.