Critical severity10.0NVD Advisory· Published May 20, 2026· Updated May 20, 2026

CVE-2026-20223

Description

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.

This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated remote attackers can gain Site Admin privileges on Cisco Secure Workload by sending crafted API requests.

Vulnerability

Details

CVE-2026-20223 is a critical vulnerability in Cisco Secure Workload’s internal REST API access validation. The root cause is insufficient validation and authentication controls on REST API endpoints, allowing unauthenticated remote attackers to bypass access controls [1].

Exploitation

Scenario

An attacker can exploit this flaw by sending specially crafted API requests to an affected endpoint without any authentication [1]. The exploitation requires network access to the affected system but no prior credentials or user interaction. Cisco notes that this vulnerability affects both SaaS and on-premise deployments of the Cisco Secure Workload Cluster Software [1].

Impact

Successful exploitation grants the attacker privileges equivalent to the Site Admin role. This allows reading sensitive information and making configuration changes across tenant boundaries, severely compromising the confidentiality and integrity of the affected system [1].

Mitigation

Cisco has released software updates to address this vulnerability. There are no workarounds available. Users should patch their systems as soon as possible to mitigate risk [1].

References

Cisco Security Advisory: Cisco Secure Workload Unauthorized API Access Vulnerability

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Secure Workloadllm-create

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuynvd

News mentions

No linked articles in our index yet.

cvss	0.650
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000