Cisco has released security updates to fix a maximum-severity authentication bypass in its Secure Workload platform that allows unauthenticated attackers to access sensitive data and escalate privileges across tenant boundaries. Tracked as CVE-2026-20223 with a CVSS score of 10.0, the vulnerability affects the internal REST API endpoints used to manage the cloud-native security product.

The flaw stems from insufficient authentication and access validation on Secure Workload's API layer. By sending a crafted request to an affected endpoint, a remote attacker can bypass access controls entirely and operate with Site Admin privileges. This grants the ability to read sensitive configuration data and make changes across tenant boundaries — a critical concern for multi-tenant deployments where isolation between customers is assumed.

Secure Workload operates as a centralized policy enforcement engine for cloud-native infrastructure, available in both SaaS and on-premises deployments. The vulnerability affects all device configurations but is limited to internal REST APIs; the web-based management interface is not impacted.

Cisco advises immediate patch deployment. The company confirmed it discovered the flaw during internal security testing and is not aware of any exploitation in the wild. Fixed releases are available for Secure Workload 3.10 (version 3.10.8.3) and 4.0 (version 4.0.3.17). Organizations running 3.9 or earlier must migrate to a supported release. The SaaS deployment has already been patched by Cisco with no user action required.

Cisco states there are no workarounds that address this vulnerability, leaving patch deployment as the only remediation path. Security teams should verify their deployed versions against the advisory and prioritize updates accordingly.
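One way to do that version check in bulk, as an added example that is not from Cisco or the advisory: the script below classifies each deployed Secure Workload version against the fixed releases the article names (3.10.8.3 for the 3.10 train, 4.0.3.17 for the 4.0 train, with 3.9 and earlier needing a migration). The inventory is constructed sample data, and any train newer than 4.0 is flagged for manual checking because the article does not cover it.

```python
# Added example, not Cisco's code. Fixed releases are the ones named in the
# article; anything the article does not mention is returned as "check-advisory".
from typing import Dict, Tuple

FIXED_RELEASES: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (3, 10): (3, 10, 8, 3),   # Secure Workload 3.10 fixed release
    (4, 0): (4, 0, 3, 17),    # Secure Workload 4.0 fixed release
}
LAST_UNSUPPORTED_TRAIN = (3, 9)  # 3.9 and earlier must migrate


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '3.10.8.2' into a numerically comparable tuple."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """Return 'fixed', 'upgrade' (patch within the train), 'migrate', or 'check-advisory'."""
    v = parse_version(version)
    train = (v[0], v[1] if len(v) > 1 else 0)
    if train <= LAST_UNSUPPORTED_TRAIN:
        return "migrate"
    fixed = FIXED_RELEASES.get(train)
    if fixed is None:
        return "check-advisory"  # train not covered by the article
    # Pad short strings so '3.10.8' compares as 3.10.8.0 rather than failing.
    padded = v + (0,) * (len(fixed) - len(v))
    return "fixed" if padded >= fixed else "upgrade"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in a {hostname: version} inventory to its remediation status."""
    return {host: assess(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "csw-prod-a": "3.10.8.3",
    "csw-prod-b": "3.10.8.2",
    "csw-lab":    "3.9.1.1",
    "csw-dc2":    "4.0.3.17",
    "csw-dc3":    "4.0.3.16",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:<12} {SAMPLE_INVENTORY[host]:<10} {status}")
```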

The disclosure follows another maximum-severity authentication bypass in Cisco's Catalyst SD-WAN Controller (CVE-2026-20182, CVSS 10.0) that was actively exploited by a threat actor to gain unauthorized admin access. The pattern underscores the risk facing API-driven infrastructure management platforms, where a single authentication gap can compromise an entire security control plane.
