
CVE-2026-20223: Cisco Secure Workload Internal API Privilege Escalation

Summary

A vulnerability in Cisco Secure Workload's internal REST APIs could allow an unauthenticated, remote attacker to access sensitive resources and make changes with Site Admin privileges. Exploitation requires only that the attacker can send a specially crafted request to an affected API endpoint. To protect your site, ensure you have the latest updates installed for Cisco Secure Workload.

Original title
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the ...
Original description
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.

This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user. 
NVD CVSS 3.1: 10.0
Vulnerability type
CWE-306 Missing Authentication for Critical Function
Published: 20 May 2026 · Updated: 28 May 2026 · First seen: 20 May 2026