Critical Cisco Secure Workload Flaw Allows Unauthorized API

A critical security vulnerability in Cisco’s Secure Workload platform could allow unauthenticated attackers to gain unauthorized access to sensitive resources via internal APIs, the company disclosed.

The flaw, tracked as CVE-2026-20223, carries a maximum CVSS score of 10.0 and is categorized under CWE-306 (Missing Authentication for Critical Function).

The issue stems from improper authentication and insufficient validation in internal REST API endpoints.

An attacker can exploit this flaw by sending specially crafted API requests to affected endpoints without requiring any authentication.

Successful exploitation could grant attackers Site Admin-level privileges, enabling them to gain full control over affected environments.

Cisco Secure Workload Vulnerability

With elevated privileges, attackers may access sensitive data, modify configurations, and potentially impact multiple tenants within a shared deployment.

This cross-tenant risk significantly increases the severity of the vulnerability, particularly in enterprise and cloud-hosted environments where Cisco Secure Workload is widely deployed for application visibility and microsegmentation.

The vulnerability impacts Cisco Secure Workload Cluster Software across both SaaS and on-premises deployments, regardless of system configuration.

However, Cisco clarified that the issue is limited to internal REST APIs and does not affect the platform’s web-based management interface.

Cisco has confirmed that no workarounds are currently available to mitigate the vulnerability.

Organizations are strongly advised to upgrade to fixed software versions to address the risk. The following releases include patches:

• Version 3.10: Fixed in 3.10.8.3
• Version 4.0: Fixed in 4.0.3.17
• Versions 3.9 and earlier: Customers must migrate to a supported fixed release

For SaaS deployments, Cisco has already applied the necessary fixes, and no customer action is required.

Although no active exploitation or public proof-of-concept has been reported, the critical severity and ease of exploitation make this vulnerability a high-priority concern for security teams.

The flaw was identified during Cisco’s internal security testing, highlighting ongoing risks associated with insufficient API access controls.

Security teams should prioritize patching affected systems immediately and review API exposure within their environments.

Monitoring for unusual API activity, unauthorized configuration changes, and anomalous access patterns is recommended as part of defense-in-depth strategies.

According to Cisco’s advisory, this vulnerability underscores the growing attack surface associated with internal APIs, which are often overlooked in traditional security assessments.

As attackers increasingly target backend services, ensuring robust authentication and validation mechanisms across all API layers remains essential.

Organizations using Cisco Secure Workload are encouraged to review the full advisory and apply updates without delay to prevent potential compromise.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.