Cisco has addressed a critical vulnerability (CVE-2026-20223) in its Secure Workload platform that could allow attackers to gain Site Admin privileges via crafted API requests. The flaw, with a CVSS score of 10.0, is due to insufficient validation and authentication in its internal REST API endpoints. Although no active exploitation has been reported, Cisco urges users to update to fixed versions 3.10.8.3 and 4.0.3.17 to mitigate risks. The vulnerability affects both SaaS and on-premises deployments but does not impact the web management interface.
Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload
Article by CyberSIXT
Timeline Coverage
- Cisco patches Secure Workload API bug that leaks sensitive data (thehackernews.com)
- Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload (securityaffairs.com)
- Cisco Patches Critical Vulnerability in Secure Workload (securityweek.com)