Summary
Cisco patched a critical CVSS 10.0 vulnerability in Secure Workload that allows unauthenticated attackers to gain Site Admin privileges via crafted API calls. The flaw enables unauthorized data access and configuration changes across tenant boundaries in both SaaS and on-premises environments.
Take Action:
Make sure your Cisco Secure Workload clusters are isolated from the internet and accessible only from trusted networks. If you run on-premises Cisco Secure Workload, immediately update to version 3.10.8.3 or 4.0.3.17 to patch CVE-2026-20223; if you're on versions 3.9 or older, plan a migration to a supported patched release since no direct updates are available.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)