Critical CVE‑2026‑20223 in Cisco Secure Workload REST API Enables Unauthenticated Data Access
What It Is – Cisco Secure Workload (formerly Tetration) contained a critical authentication bypass in several REST API endpoints. An unauthenticated remote attacker could query these endpoints and retrieve configuration data, policy details, and potentially tenant‑level information.
Exploitability – No public exploit code has been observed, but the flaw is trivial to weaponize given the lack of authentication. CVSS v3.1 base score 10.0 (Critical).
Affected Products – Cisco Secure Workload (all versions prior to the May 2026 patch).
TPRM Impact – Organizations that rely on Cisco Secure Workload as a security control for their cloud workloads inherit the risk of data leakage and downstream supply‑chain exposure. A breach of configuration data could reveal internal network topology, segmentation policies, and secrets used by third‑party services.
Recommended Actions –
- Deploy Cisco’s May 2026 security patches immediately.
- Verify that all Secure Workload appliances are running the patched firmware via Cisco’s advisory.
- Conduct a post‑patch audit of API access logs for any anomalous requests before the patch date.
- Re‑evaluate API exposure: enforce network‑level segmentation and MFA for any administrative API usage.
- Update third‑party risk registers to flag Cisco Secure Workload as a high‑risk vendor until remediation is confirmed.
Source: The Hacker News