CVE-2026-20223

Summary

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.

This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user. 

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Secure Workload2.2.1.41affected
CiscoCisco Secure Workload3.2.1.18affected
CiscoCisco Secure Workload3.3.2.50affected
CiscoCisco Secure Workload3.4.1.28affected
CiscoCisco Secure Workload3.4.1.34affected
CiscoCisco Secure Workload2.3.1.45affected
CiscoCisco Secure Workload2.3.1.41affected
CiscoCisco Secure Workload3.3.2.28affected
CiscoCisco Secure Workload3.1.1.59affected
CiscoCisco Secure Workload2.0.2.20affected
CiscoCisco Secure Workload2.1.1.33affected
CiscoCisco Secure Workload2.1.1.29affected
CiscoCisco Secure Workload3.2.1.28affected
CiscoCisco Secure Workload3.4.1.35affected
CiscoCisco Secure Workload3.1.1.65affected
CiscoCisco Secure Workload3.1.1.67affected
CiscoCisco Secure Workload2.0.1.34affected
CiscoCisco Secure Workload2.3.1.49affected
CiscoCisco Secure Workload2.2.1.39affected
CiscoCisco Secure Workload3.4.1.19affected
CiscoCisco Secure Workload3.3.2.23affected
CiscoCisco Secure Workload3.1.1.61affected
CiscoCisco Secure Workload3.1.1.54affected
CiscoCisco Secure Workload3.5.1.17affected
CiscoCisco Secure Workload3.3.2.33affected
CiscoCisco Secure Workload3.5.1.1affected
CiscoCisco Secure Workload2.3.1.53affected
CiscoCisco Secure Workload3.5.1.20affected
CiscoCisco Secure Workload3.5.1.30affected
CiscoCisco Secure Workload3.3.2.16affected
CiscoCisco Secure Workload3.1.1.55affected
CiscoCisco Secure Workload3.4.1.6affected
CiscoCisco Secure Workload2.3.1.50affected
CiscoCisco Secure Workload2.3.1.52affected
CiscoCisco Secure Workload3.2.1.19affected
CiscoCisco Secure Workload2.2.1.35affected
CiscoCisco Secure Workload3.1.1.53affected
CiscoCisco Secure Workload3.1.1.70affected
CiscoCisco Secure Workload3.2.1.20affected
CiscoCisco Secure Workload3.5.1.2affected
CiscoCisco Secure Workload1.103.1.12affected
CiscoCisco Secure Workload2.3.1.51affected
CiscoCisco Secure Workload3.3.2.42affected
CiscoCisco Secure Workload3.4.1.1affected
CiscoCisco Secure Workload3.3.2.12affected
CiscoCisco Secure Workload2.1.1.31affected
CiscoCisco Secure Workload3.5.1.23affected
CiscoCisco Secure Workload3.3.2.53affected
CiscoCisco Secure Workload3.4.1.14affected
CiscoCisco Secure Workload3.3.2.2affected
CiscoCisco Secure Workload3.4.1.20affected
CiscoCisco Secure Workload3.3.2.35affected
CiscoCisco Secure Workload2.2.1.34affected
CiscoCisco Secure Workload1.102.21affected
CiscoCisco Secure Workload3.3.2.5affected
CiscoCisco Secure Workload3.5.1.31affected
CiscoCisco Secure Workload3.6.1.5affected
CiscoCisco Secure Workload3.2.1.31affected
CiscoCisco Secure Workload3.5.1.37affected
CiscoCisco Secure Workload3.4.1.40affected
CiscoCisco Secure Workload3.6.1.17affected
CiscoCisco Secure Workload3.6.1.21affected
CiscoCisco Secure Workload3.2.1.32affected
CiscoCisco Secure Workload3.2.1.33affected
CiscoCisco Secure Workload3.6.1.35affected
CiscoCisco Secure Workload3.6.1.36affected
CiscoCisco Secure Workload3.7.1.5affected
CiscoCisco Secure Workload3.6.1.47affected
CiscoCisco Secure Workload3.7.1.22affected
CiscoCisco Secure Workload3.6.1.52affected
CiscoCisco Secure Workload3.7.1.39affected
CiscoCisco Secure Workload3.8.1.1affected
CiscoCisco Secure Workload3.7.1.51affected
CiscoCisco Secure Workload3.8.1.19affected
CiscoCisco Secure Workload3.8.1.36affected
CiscoCisco Secure Workload3.7.1.59affected
CiscoCisco Secure Workload3.8.1.39affected
CiscoCisco Secure Workload3.9.1.1affected
CiscoCisco Secure Workload3.9.1.10affected
CiscoCisco Secure Workload3.9.1.24affected
CiscoCisco Secure Workload3.9.1.25affected
CiscoCisco Secure Workload3.9.1.28affected
CiscoCisco Secure Workload3.9.1.38affected
CiscoCisco Secure Workload3.8.1.53affected
CiscoCisco Secure Workload3.9.1.52affected
CiscoCisco Secure Workload3.10.1.1affected
CiscoCisco Secure Workload3.9.1.64affected
CiscoCisco Secure Workload3.10.2.11affected
CiscoCisco Secure Workload3.9.1.66affected
CiscoCisco Secure Workload3.10.3.19affected
CiscoCisco Secure Workload3.9.1.69affected
CiscoCisco Secure Workload3.10.4.8affected
CiscoCisco Secure Workload3.10.5.6affected
CiscoCisco Secure Workload4.0.1.1affected
CiscoCisco Secure Workload4.0.2.4affected
CiscoCisco Secure Workload4.0.2.5affected
CiscoCisco Secure Workload3.10.6.3affected
CiscoCisco Secure Workload3.10.7.4affected
CiscoCisco Secure Workload4.0.3.13affected

Weaknesses

  • CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References