Cisco on Wednesday announced patches for a critical-severity vulnerability in Secure Workload that could allow attackers to access site resources with Site Admin privileges.
The flaw, tracked as CVE-2026-20223 (CVSS score of 10/10), exists due to insufficient validation and authentication in the REST API endpoints.
“An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint,” Cisco notes in its advisory.
Successful exploitation of the security defect allows an attacker to read sensitive information and modify configurations across tenant boundaries, with Site Admin privileges.
“This vulnerability affects Cisco Secure Workload Cluster Software on SaaS and on-prem deployments, regardless of device configuration. This vulnerability affects only internal REST APIs and does not affect the web-based management interface,” Cisco explains.
The weakness was addressed in Secure Workload versions 3.10.8.3 and 4.0.3.17. Cisco says it is not aware of this issue being exploited in the wild, but recommends that all users update their appliances to avoid future exposure.
On Wednesday, the tech giant also released patches for three medium-severity vulnerabilities affecting the ThousandEyes Virtual Appliance, ThousandEyes Enterprise Agent, and Nexus 3000 and 9000 series switches.
The bugs could allow attackers to execute commands remotely with root privileges or as the node user, and to trigger BGP peer flaps, leading to a denial-of-service (DoS) condition.
None of these security defects appears to have been exploited in the wild, the company says. Additional information can be found on Cisco’s security advisories page.
Related: Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
Related: Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
Related: Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
Related: Anthropic Silently Patches Claude Code Sandbox Bypass
