Cisco has revealed a severe security flaw in its Secure Workload platform that lets unauthenticated attackers obtain Site Admin privileges by exploiting weak API validation. The flaw has been rated at the maximum severity score of 10.0 and affects both SaaS and on-premises deployments.

  • Unauthenticated API flaw allows full Site Admin access
  • Cross-tenant risk undermines multi-tenant cloud security assumptions
  • Patches available for supported versions; SaaS already updated

What happened

Cisco disclosed a critical vulnerability in its Secure Workload platform that permits unauthenticated attackers to gain site-wide administrative rights by sending specially crafted requests to vulnerable internal REST APIs. The issue requires no user credentials and no user interaction, reflecting a severe weakness in the platform’s API security.

Designated CVE-2026-20223 and assigned the maximum severity score of 10.0, the bug affects both cloud-based SaaS deployments and on-premises versions of Cisco Secure Workload Cluster Software. Cisco promptly patched SaaS environments and released fixed versions for supported on-premises releases, urging customers running older, unsupported software to migrate to a supported release.

Why it matters

This vulnerability enables attackers to access and modify sensitive configuration settings across tenant boundaries within multi-tenant infrastructure, a serious breach of fundamental cloud security principles. Cross-tenant risks can lead to data exposure and the compromise of unrelated customers sharing the same environment.

Because the flaw is reached through internal REST APIs rather than the public management interfaces, traditional security controls may not detect or block the malicious API calls. The lack of workarounds, combined with the maximum 10.0 severity score, heightens the urgency for organizations to apply the patches promptly before exploitation occurs.

What to watch next

Organizations using Cisco Secure Workload should prioritize upgrading to the patched versions (3.10.8.3, 4.0.3.17), since no mitigation short of updating exists. Monitoring for unusual API activity and reviewing internal security controls around API access are recommended steps.
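The two recommendations above (confirm you are on a fixed version, and watch API traffic for activity that should not succeed without credentials) can be turned into a small triage script. The following is an added example written for this briefing, not Cisco's code and not derived from the advisory. It assumes, as placeholders the briefing does not supply, that API requests are available as JSON log lines with the fields shown, that API paths start with `/api/`, and that a request counts as credentialed when it carried an Authorization header or a session cookie; the fixed version numbers are the ones the briefing names, and the sample log lines are constructed.

```python
"""Patch-status and API-log triage helpers for the Secure Workload advisory.

Added example (not Cisco's code). Assumptions not taken from the briefing:
  - API requests are logged as JSON lines with the fields used below;
  - API paths start with "/api/" (placeholder; the briefing names no endpoints);
  - a request is "credentialed" if it carried an Authorization header or a session cookie.
"""
import json

# Fixed on-premises versions named in the briefing, keyed by release branch.
FIXED_VERSIONS = {
    (3, 10): (3, 10, 8, 3),
    (4, 0): (4, 0, 3, 17),
}

MUTATING = {"POST", "PUT", "PATCH", "DELETE"}  # state-changing HTTP methods
API_PREFIX = "/api/"  # assumed placeholder prefix for the platform's REST APIs


def parse_version(text):
    """'3.10.8.3' -> (3, 10, 8, 3); tuples compare component-wise."""
    return tuple(int(part) for part in text.strip().split("."))


def patch_status(version_text):
    """Classify an on-prem cluster version against the fixed releases.

    Returns 'patched', 'vulnerable', or 'no_fix_listed' for a branch the
    briefing lists no fix for (older, unsupported software: migrate instead).
    """
    version = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "no_fix_listed"
    return "patched" if version >= fixed else "vulnerable"


def is_credentialed(record):
    return bool(record.get("authorization")) or bool(record.get("session_cookie"))


def triage(lines):
    """Flag successful API calls that carried no credentials, and any later
    state-changing call from the same source, which is the trace an
    unauthenticated privilege gain followed by admin actions would leave.

    Returns a list of (line_no, src_ip, rule, method, path) tuples.
    """
    findings = []
    suspicious_sources = set()
    for line_no, line in enumerate(lines, 1):
        rec = json.loads(line)
        path, status, src = rec["path"], rec["status"], rec["src_ip"]
        # Only successful (2xx) calls to API paths are interesting here.
        if not path.startswith(API_PREFIX) or not 200 <= status < 300:
            continue
        if not is_credentialed(rec):
            suspicious_sources.add(src)
            findings.append((line_no, src, "unauthenticated_api_success", rec["method"], path))
        elif src in suspicious_sources and rec["method"] in MUTATING:
            findings.append((line_no, src, "mutation_after_unauthenticated_access", rec["method"], path))
    return findings


# Constructed sample log (JSON lines); IPs are documentation ranges, paths are placeholders.
SAMPLE_LOG = [
    '{"ts":"2026-03-01T10:00:01Z","src_ip":"10.0.0.5","method":"GET","path":"/api/v1/inventory","status":200,"authorization":"Bearer <token>","session_cookie":""}',
    '{"ts":"2026-03-01T10:00:07Z","src_ip":"198.51.100.23","method":"POST","path":"/api/internal/example","status":200,"authorization":"","session_cookie":""}',
    '{"ts":"2026-03-01T10:00:09Z","src_ip":"198.51.100.23","method":"PUT","path":"/api/v1/tenants/example/policy","status":200,"authorization":"","session_cookie":"sid=<session>"}',
    '{"ts":"2026-03-01T10:00:12Z","src_ip":"203.0.113.9","method":"GET","path":"/api/v1/agents","status":401,"authorization":"","session_cookie":""}',
    '{"ts":"2026-03-01T10:00:15Z","src_ip":"10.0.0.5","method":"DELETE","path":"/api/v1/scopes/3","status":204,"authorization":"Bearer <token>","session_cookie":""}',
]

if __name__ == "__main__":
    for v in ("3.10.8.2", "3.10.8.3", "4.0.3.17", "3.9.1.1"):
        print(v, patch_status(v))
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample log the script reports two findings for 198.51.100.23: a 2xx response to a request with no credentials, then a credentialed write from the same source shortly afterwards. A 401 to an unauthenticated request is the expected outcome and is ignored; the point of the first rule is that, on a platform with the flaw described, an unauthenticated call to an internal API should never succeed, so any 2xx there is worth a look regardless of the endpoint.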

Given Cisco’s recent pattern of revealing multiple high-severity infrastructure vulnerabilities across its network and security products, attention should be paid to emerging advisories and potential exploit attempts targeting these or related flaws. The ongoing frequency of maximum-score disclosures points to the importance of sustained investment in vulnerability management.

Source assisted: This briefing began from a discovered source item from The Register Headlines.