
A critical vulnerability in Cisco Secure Workload Cluster Software allows attackers to gain full Site Admin privileges without authentication. The issue affects internal REST API endpoints in both SaaS and on-premises deployments and has a CVSS score of 10.0. The flaw results from insufficient validation and authentication checks, so access is gained through specially crafted API calls rather than with login credentials. Successful exploitation lets an attacker read sensitive information and make configuration changes across tenant boundaries with Site Admin privileges. No workarounds are available, so customers must install fixed releases. Secure Workload 3.10 is fixed in version 3.10.8.3, and version 4.0 is fixed in 4.0.3.17. Versions 3.9 and older require migration to a supported release.
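The advisory describes a class of flaw rather than its exact mechanics: an internal endpoint that neither authenticates the caller nor scopes the request to a tenant. The following is an added example, not Cisco's code and not derived from the actual Secure Workload implementation; the endpoint path, the session store, the tenant names and the role names are all constructed to show a vulnerable handler beside a hardened one that enforces both checks.

```python
"""Constructed illustration of a missing-authentication, cross-tenant REST
handler and its hardened counterpart. Not Cisco code; all identifiers are
invented for the example."""
from dataclasses import dataclass, field
import hmac

# Constructed sample data: two tenants, each with its own configuration.
TENANT_CONFIG = {
    "tenant-a": {"policy": "allow-all"},
    "tenant-b": {"policy": "deny-all"},
}

# Constructed session store: bearer token -> (user, role, home tenant).
# A site admin has no home tenant and may read every tenant.
SESSIONS = {
    "tok-user-a": ("alice", "tenant_user", "tenant-a"),
    "tok-site-admin": ("root", "site_admin", None),
}


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)
    body: dict = field(default_factory=dict)


class Unauthorized(Exception):
    """No valid credential was presented."""


class Forbidden(Exception):
    """Credential is valid but does not cover the requested tenant."""


def tenant_from_path(path):
    """Hypothetical route shape: /internal/config/<tenant>."""
    tenant = path.rstrip("/").split("/")[-1]
    if tenant not in TENANT_CONFIG:
        raise KeyError(tenant)
    return tenant


def vulnerable_get_config(req):
    """The pattern the advisory describes: the handler trusts the request
    as-is, so an unauthenticated caller can read any tenant's config."""
    return TENANT_CONFIG[tenant_from_path(req.path)]


def authenticate(req):
    """Resolve the bearer token to a principal, or raise Unauthorized."""
    header = req.headers.get("Authorization", "")
    if not header.startswith("Bearer "):
        raise Unauthorized("missing bearer token")
    presented = header[len("Bearer "):]
    # Constant-time comparison against each known token avoids leaking
    # how many leading characters matched.
    for known, principal in SESSIONS.items():
        if hmac.compare_digest(known, presented):
            return principal
    raise Unauthorized("unknown token")


def authorize_tenant(principal, tenant):
    """Enforce the tenant boundary: only site admins cross it."""
    user, role, home_tenant = principal
    if role == "site_admin":
        return
    if home_tenant != tenant:
        raise Forbidden(f"{user} may not access {tenant}")


def hardened_get_config(req):
    """Same endpoint with authentication and tenant scoping enforced
    before any data is touched."""
    tenant = tenant_from_path(req.path)
    principal = authenticate(req)
    authorize_tenant(principal, tenant)
    return TENANT_CONFIG[tenant]


def probe(handler, req):
    """Run a handler and classify the outcome so the vulnerable and the
    hardened handler can be compared on the same request."""
    try:
        return ("ok", handler(req))
    except Unauthorized:
        return ("unauthorized", None)
    except Forbidden:
        return ("forbidden", None)


if __name__ == "__main__":
    anon = Request("/internal/config/tenant-b")
    print("vulnerable, no credentials:", probe(vulnerable_get_config, anon))
    print("hardened, no credentials:  ", probe(hardened_get_config, anon))
```

The two checks are deliberately separate: `authenticate` answers "who is calling?" and `authorize_tenant` answers "may this caller touch this tenant?". An endpoint that skips either one exhibits the behaviour the advisory describes, and a handler-level test like `probe` on every internal route is a cheap regression guard for both.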
"Cisco warns of a critical vulnerability in Secure Workload that grants attackers full Site Admin privileges without authentication. The bug scores a maximum of 10.0 on the CVSS scale and affects both SaaS and on-premises environments. No workarounds are available. The vulnerability, registered as CVE-2026-20223, resides in the internal REST API endpoints of Cisco Secure Workload Cluster Software. The issue arises from insufficient validation and authentication checks."
"Attackers do not need to use login credentials and can gain access to the system using specially crafted API calls. Successful attacks allow attackers to read sensitive information and make configuration changes across tenant boundaries. This occurs with the privileges of the Site Admin user, according to Cisco's security advisory. Cross-tenant risks are particularly concerning because they undermine the assumption that tenants could never inherit each other's compromises."
"Cisco emphasizes that no workarounds currently exist. Customers must install releases containing the fix to fully resolve the issue. Version 3.10.8.3 resolves the issue for Secure Workload 3.10, while 4.0.3.17 contains the fix for version 4.0. Users of 3.9 or older must migrate to a supported version. Cisco reports that the vulnerability was discovered during internal testing and there are no indications of active exploitation."
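Because there is no workaround, the practical task is to find every deployment that is still below the fixed release. The following triage helper is an added example, not a Cisco tool; it encodes only the versions the advisory names (3.10.8.3 for the 3.10 branch, 4.0.3.17 for the 4.0 branch, migration for 3.9 and older) and reports any other branch as unknown rather than guessing. The inventory lines it parses are constructed.

```python
"""Added triage helper for the fixed versions named in the advisory.
Not Cisco code; the inventory format below is invented for the example."""

# Fixed release per affected branch, as stated in the advisory.
FIXED_RELEASE = {
    (3, 10): (3, 10, 8, 3),
    (4, 0): (4, 0, 3, 17),
}

# Branches at or below this one have no fix and must migrate.
MIGRATE_AT_OR_BELOW = (3, 9)


def parse_version(text):
    """'3.10.8.3' -> (3, 10, 8, 3); tuples compare component-wise."""
    return tuple(int(part) for part in text.strip().split("."))


def triage(version):
    """Return 'fixed', 'upgrade', 'migrate' or 'unknown' for one version.
    'unknown' is returned for branches the advisory does not mention,
    so the caller checks them by hand instead of assuming they are safe."""
    parts = parse_version(version)
    branch = parts[:2]
    if branch <= MIGRATE_AT_OR_BELOW:
        return "migrate"
    if branch in FIXED_RELEASE:
        return "fixed" if parts >= FIXED_RELEASE[branch] else "upgrade"
    return "unknown"


def triage_inventory(lines):
    """Parse constructed 'hostname,version' lines and group hosts by action."""
    report = {"fixed": [], "upgrade": [], "migrate": [], "unknown": []}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, version = (field.strip() for field in line.split(",", 1))
        report[triage(version)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """
# host,version
csw-prod-1,3.10.8.3
csw-prod-2,3.10.7.9
csw-lab-1,4.0.3.17
csw-lab-2,4.0.2.1
csw-legacy,3.9.1.4
csw-other,4.1.0.0
""".splitlines()

if __name__ == "__main__":
    for action, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{action:8s} {', '.join(hosts) or '-'}")
```

Component-wise tuple comparison is what makes `3.10.7.9` sort below `3.10.8.3`; a plain string comparison would get `3.10.10.0` versus `3.10.8.3` wrong.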
#cisco-secure-workload #cve-2026-20223 #unauthenticated-rce #privilege-escalation #cross-tenant-data-exposure #rest-api-security
Read at Techzine Global