Cisco Issues Emergency Patch for CVSS 10.0 Flaw in Secure Workload Platform
Cisco has released emergency patches for a critical vulnerability, CVE-2026-20223, in its Secure Workload platform, which received the maximum severity score of CVSS 10.0. The flaw allows unauthenticated remote attackers to gain full Site Admin privileges by sending specially crafted requests to the platform's REST API, requiring no user interaction. Both SaaS-hosted and on-premises deployments are affected, meaning a wide range of enterprise environments face potential exposure. Successful exploitation could allow attackers to alter micro-segmentation policies, access sensitive workload data, and potentially compromise multiple tenants in shared environments. Cisco has confirmed there are no known workarounds, making immediate patching the only available remediation.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in