Cisco Patches Critical CVSS 10.0 Authentication Bypass in Secure Workload

beyondmachines1@infosec.exchange

Cisco Patches Critical CVSS 10.0 Authentication Bypass in Secure Workload

Cisco patched a critical CVSS 10.0 vulnerability in Secure Workload that allows unauthenticated attackers to gain Site Admin privileges via crafted API calls. The flaw enables unauthorized data access and configuration changes across tenant boundaries in both SaaS and on-premises environments.

**Make sure your Cisco Secure Workload clusters are isolated from the internet and accessible only from trusted networks. If you run on-premises Cisco Secure Workload, immediately update to version 3.10.8.3 or 4.0.3.17 to patch CVE-2026-20223; if you're on versions 3.9 or older, plan a migration to a supported patched release since no direct updates are available.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-patches-critical-cvss-10-0-authentication-bypass-in-secure-workload-e-r-6-z-j/gD2P6Ple2L