CVE-2026-20223

Daily digests

An unauthenticated remote attacker can hit internal REST APIs on Cisco Secure Workload and get full Site Admin privileges. That means reading sensitive data and changing configuration across tenant boundaries, no credentials required. This is a CVSS 10.0 for good reason: no auth, no user interaction, full cross-tenant control.

• Daily Digest · May 21, 2026

  Cisco Secure Workload CVSS 10, no auth needed