CVE-2026-20223 let attackers reach site resources with Site Admin privileges in Cisco Secure Workload, prompting patches for SaaS and on-prem deployments.
Insufficient validation and authentication in internal REST API endpoints allowed crafted requests to read sensitive data and change configurations across tenant boundaries.
Cisco fixed the issue in Secure Workload 3.10.8.3 and 4.0.3.17, saying that the web management interface is unaffected and that no in-the-wild exploitation is known.
Three medium-severity bugs were patched the same day in ThousandEyes products and Nexus 3000/9000 switches, with potential for remote command execution or BGP peer flaps causing DoS.
As Cisco exploits fetch $150,000, is this new 'perfect 10' flaw already for sale on the dark web?
If cloud users are already safe, are on-premises data centers now the weakest link in enterprise security?
Why do 'keys to the kingdom' security flaws keep appearing in the very products meant to protect us?