Cisco has launched security updates to deal with a maximum-severity Safe Workload vulnerability that permits attackers to achieve Web site Admin privileges.
Previously often known as Cisco Tetration, Cisco Safe Workload helps admins cut back their community’s assault floor by zero belief microsegmentation and cease lateral motion to maintain enterprise purposes protected.
Tracked as CVE-2026-20223, the security flaw was present in Safe Workload’s inside REST APIs, and it allows unauthenticated attackers to entry sources with the privileges of the Web site Admin position.
“This vulnerability is because of inadequate validation and authentication when accessing REST API endpoints. An attacker may exploit this vulnerability if they can ship a crafted API request to an affected endpoint,” Cisco defined in a Wednesday advisory.
“A profitable exploit may enable the attacker to learn delicate data and make configuration modifications throughout tenant boundaries with the privileges of the Web site Admin consumer.”
Cisco says there aren’t any workarounds for this security flaw, has launched software program updates to patch it for on-premises prospects, and has already addressed it within the cloud-based Cisco Safe Workload SaaS deployment.
| Cisco Safe Workload Launch | First Fastened Launch |
|---|---|
| 3.9 and earlier | Migrate to a hard and fast launch. |
| 3.10 | 3.10.8.3 |
| 4.0 | 4.0.3.17 |
The corporate additionally added that its Product Safety Incident Response Staff (PSIRT) has not discovered proof that the vulnerability has been exploited within the wild earlier than publishing this week’s advisory.
Earlier this month, Cisco warned that one other most severity authentication bypass vulnerability (CVE-2026-20182) affecting its Catalyst SD-WAN software-based networking platform was being actively exploited as a zero-day, permitting attackers to achieve admin privileges.
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) added the CVE-2026-20182 flaw to its Recognized Exploited Vulnerabilities Catalog on Could 14 and ordered federal businesses to safe affected units inside three days, by Could 17.
In early Could, Cisco additionally launched security updates for a denial-of-service (DoS) vulnerability in Crosswork Community Controller (CNC) and Community Companies Orchestrator (NSO), which requires manually rebooting focused programs to get well.
Over the previous 5 years, CISA has flagged 91 Cisco vulnerabilities as actively exploited, six of which have been utilized by varied ransomware gangs.
Automated pentesting instruments ship actual worth, however they have been constructed to reply one query: can an attacker transfer by the community? They weren’t constructed to check whether or not your controls block threats, your detection guidelines fireplace, or your cloud configs maintain.
This information covers the 6 surfaces you truly must validate.
Obtain Now
