CVE-2026-20223EXPLOITEDPATCHED

cis · secure workload

Cisco Secure Workload Unauthorized API Access Vulnerability

Description

The vulnerability allows attackers to access resources with 'Site Admin' role rights without prior authentication due to insufficient validation and authentication checks on internal REST APIs.

Affected Products

Vendor	Product	Versions
cis	secure workload	2.2.1.41, 3.2.1.18, 3.3.2.50, 3.4.1.28, 3.4.1.34, 2.3.1.45, 2.3.1.41, 3.3.2.28, 3.1.1.59, 2.0.2.20, 2.1.1.33, 2.1.1.29, 3.2.1.28, 3.4.1.35, 3.1.1.65, 3.1.1.67, 2.0.1.34, 2.3.1.49, 2.2.1.39, 3.4.1.19, 3.3.2.23, 3.1.1.61, 3.1.1.54, 3.5.1.17, 3.3.2.33, 3.5.1.1, 2.3.1.53, 3.5.1.20, 3.5.1.30, 3.3.2.16, 3.1.1.55, 3.4.1.6, 2.3.1.50, 2.3.1.52, 3.2.1.19, 2.2.1.35, 3.1.1.53, 3.1.1.70, 3.2.1.20, 3.5.1.2, 1.103.1.12, 2.3.1.51, 3.3.2.42, 3.4.1.1, 3.3.2.12, 2.1.1.31, 3.5.1.23, 3.3.2.53, 3.4.1.14, 3.3.2.2, 3.4.1.20, 3.3.2.35, 2.2.1.34, 1.102.21, 3.3.2.5, 3.5.1.31, 3.6.1.5, 3.2.1.31, 3.5.1.37, 3.4.1.40, 3.6.1.17, 3.6.1.21, 3.2.1.32, 3.2.1.33, 3.6.1.35, 3.6.1.36, 3.7.1.5, 3.6.1.47, 3.7.1.22, 3.6.1.52, 3.7.1.39, 3.8.1.1, 3.7.1.51, 3.8.1.19, 3.8.1.36, 3.7.1.59, 3.8.1.39, 3.9.1.1, 3.9.1.10, 3.9.1.24, 3.9.1.25, 3.9.1.28, 3.9.1.38, 3.8.1.53, 3.9.1.52, 3.10.1.1, 3.9.1.64, 3.10.2.11, 3.9.1.66, 3.10.3.19, 3.9.1.69, 3.10.4.8, 3.10.5.6, 4.0.1.1, 4.0.2.4, 4.0.2.5, 3.10.6.3, 3.10.7.4, 4.0.3.13, 3.10.8.3

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
cis	secure_workload	cert_advisory	90%

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy

Related News (9 articles)

Tier B

BSI Advisories17d ago

[NEU] [hoch] Cisco Secure Workload: Schwachstelle ermöglicht Erlangen von Administratorrechten

→ No new info (linked only)

Tier D

Heise Security17d ago

Cisco stopft Sicherheitsleck mit Höchstwertung in Secure Workload

→ No new info (linked only)

Tier D

The Hacker News17d ago

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

→ No new info (linked only)

Tier D

CSO Online18d ago

Critical vulnerability in Cisco Secure Workload rated at maximum severity

→ No new info (linked only)

Tier D

SecurityWeek18d ago

Cisco Patches Critical Vulnerability in Secure Workload

→ No new info (linked only)

Tier B

CERT-FR19d ago

Vulnérabilité dans Cisco Secure Workload (21 mai 2026)

→ No new info (linked only)

Tier B

CCCS Canada19d ago

Cisco security advisory (AV26-491)

→ No new info (linked only)

Tier C

VulDB19d ago

CVE-2026-20223 | Cisco Secure Workload up to 4.0.3.13 REST API missing authentication (cisco-sa-csw-pnbsa-g8WEnuy)

→ No new info (linked only)

Tier A

Cisco Security19d ago

Cisco Secure Workload Unauthorized API Access Vulnerability

→ No new info (linked only)

CVSS 3.110.0 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

4.0.3.17

CWECWE-306

PublishedMay 20, 2026

Last enriched17d agov6

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-20182EXPKEV

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Trending: 110

HIGHCVE-2026-20245EXP

Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability

Trending: 90

CRITICALCVE-2026-20230EXP

CVE-2026-20230: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Ma

Trending: 58

HIGHCVE-2026-20233EXP

Cisco Webex Meetings Cross-Site Scripting Vulnerability

Trending: 35

HIGHCVE-2026-20175EXP

Cisco Finesse File Inclusion Vulnerability

Trending: 33

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 20, 2026

Discovered by ZDM

May 20, 2026

Actively Exploited

May 21, 2026

Exploit Available

May 21, 2026

Patch Available

May 21, 2026

Updated: affectedVersions

May 21, 2026

Updated: description

May 21, 2026

Updated: description

May 22, 2026

Updated: description

May 22, 2026

Updated: exploitAvailable, activelyExploited

May 22, 2026

Version History

Last enriched 17d ago

v6Tier D17d ago

Updated affected versions to include 3.10.8.3, marked exploit as available, and noted that the vulnerability is actively exploited.

exploitAvailableactivelyExploited

via Heise Security

v5Tier D17d ago

Updated description with technical details, added affected version 3.10.8.3, and marked exploit as available and actively exploited.

description

via Heise Security

v4Tier D17d ago

Updated vendor to Cisco, added description about insufficient validation and authentication, and marked exploit as available and actively exploited.

description

via The Hacker News

v3Tier D18d ago

Updated vendor to Cisco, added affected version 3.10.8.3, marked exploit as available and actively exploited, and provided a more detailed description of the vulnerability.

description

via CSO Online

v2Tier D18d ago

Updated vendor to Cisco, added new affected version 3.10.8.3, and confirmed CVSS score of 10.0.

affectedVersions

via SecurityWeek

v119d ago

Initial creation