By Carly Page
Publication Date: 2026-05-21 11:27:00
Security
Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs
Cisco has disclosed yet another perfect 10 vulnerability, this time warning that unauthenticated attackers could gain Site Admin privileges in its Secure Workload platform simply by sending crafted API requests to vulnerable systems.
The bug, tracked as CVE-2026-20223, earned the full 10.0 CVSS treatment and affects Cisco Secure Workload Cluster Software in both SaaS and on-prem environments. According to Cisco’s barebones advisory, the issue boils down to weak validation and authentication checks in internal REST API endpoints.
In practical terms, that means attackers don’t require credentials, user interaction, or any significant effort to exploit the bug. Cisco said a successful attack could allow remote attackers to “read sensitive information and make configuration…
