Cisco Secure Workload Unauthorized API Access Vulnerability
Summary
| CVE | CVE-2026-20223 |
|---|---|
| State | PUBLISHED |
| Assigner | cisco |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-20 17:16:20 UTC |
| Updated | 2026-05-20 17:30:40 UTC |
| Description | A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user. |
Risk And Classification
Primary CVSS: v3.1 10 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.000640000 probability, percentile 0.198360000 (date 2026-05-27)
Problem Types: CWE-306 | CWE-306 Missing Authentication for Critical Function
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 10 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | CNA | CVSSV3_1 | 10 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
ChangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Cisco | Cisco Secure Workload | affected 2.2.1.41 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.2.1.18 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.3.2.50 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.4.1.28 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.4.1.34 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.3.1.45 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.3.1.41 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.3.2.28 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.1.1.59 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.0.2.20 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.1.1.33 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.1.1.29 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.2.1.28 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.4.1.35 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.1.1.65 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.1.1.67 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.0.1.34 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.3.1.49 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.2.1.39 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.4.1.19 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.3.2.23 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.1.1.61 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.1.1.54 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.5.1.17 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.3.2.33 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.5.1.1 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.3.1.53 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.5.1.20 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.5.1.30 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.3.2.16 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.1.1.55 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.4.1.6 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.3.1.50 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.3.1.52 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.2.1.19 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.2.1.35 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.1.1.53 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.1.1.70 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.2.1.20 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.5.1.2 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 1.103.1.12 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.3.1.51 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.3.2.42 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.4.1.1 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.3.2.12 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.1.1.31 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.5.1.23 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.3.2.53 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.4.1.14 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.3.2.2 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.4.1.20 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.3.2.35 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 2.2.1.34 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 1.102.21 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.3.2.5 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.5.1.31 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.6.1.5 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.2.1.31 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.5.1.37 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.4.1.40 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.6.1.17 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.6.1.21 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.2.1.32 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.2.1.33 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.6.1.35 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.6.1.36 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.7.1.5 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.6.1.47 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.7.1.22 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.6.1.52 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.7.1.39 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.8.1.1 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.7.1.51 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.8.1.19 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.8.1.36 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.7.1.59 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.8.1.39 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.9.1.1 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.9.1.10 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.9.1.24 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.9.1.25 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.9.1.28 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.9.1.38 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.8.1.53 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.9.1.52 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.10.1.1 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.9.1.64 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.10.2.11 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.9.1.66 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.10.3.19 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.9.1.69 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.10.4.8 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.10.5.6 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 4.0.1.1 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 4.0.2.4 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 4.0.2.5 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.10.6.3 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 3.10.7.4 | Not specified |
| CNA | Cisco | Cisco Secure Workload | affected 4.0.3.13 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pn... | [email protected] | sec.cloudapps.cisco.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
Exploits
CNA: The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
There are currently no legacy QID mappings associated with this CVE.