
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

By The Hacker News
May 22, 2026


Ravie LakshmananMay 22, 2026Vulnerability / Network Security

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data.

Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints.

“An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint,” Cisco said. “A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.”

The shortcoming impacts Cisco Secure Workload Cluster Software on SaaS and on-prem deployments, regardless of device configuration. Cisco said there are no workarounds that address the vulnerability.

The issue has been addressed in the following versions –

  • Cisco Secure Workload Release 3.9 and earlier (Migrate to a fixed release)
  • Cisco Secure Workload Release 3.10 (Fixed in 3.10.8.3)
  • Cisco Secure Workload Release 4.0 (Fixed in 4.0.3.17)

The networking equipment major said it found the vulnerability during internal security testing and that there is no evidence of it being exploited in the wild.

The disclosure comes a week after Cisco revealed that another maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller (CVE-2026-20182, CVSS score: 10.0) has been exploited by a threat actor known as UAT-8616 to gain unauthorized access to SD-WAN systems.


