Access Validation Flaw in Cisco Secure Workload
CVE-2026-20223

10CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Secure Workload
Vendor: CVE Published:; 20 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-20223?

A vulnerability exists in Cisco Secure Workload's internal REST APIs that could permit an unauthenticated attacker to access sensitive site resources with Site Admin rights. This flaw arises from inadequate validation and authentication for REST API requests. By sending a specially crafted API request to affected endpoints, an attacker may gain unauthorized access to sensitive data and make configuration changes across tenants, exploiting the elevated privileges of a Site Admin user.

Affected Version(s)

Cisco Secure Workload 2.2.1.41

Cisco Secure Workload 3.2.1.18

Cisco Secure Workload 3.3.2.50

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 20, 2026
Vulnerability published
May 20, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20223 Data

JSON