CVE-2026-20223
Cisco Secure Workload Unauthorized API Access Vulnerability
Vexday Risk Score
48Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 10EPSS 0.9%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Ciclo de vida
20 may 2026Publicada en NVD
22 may 2026PoC pública
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.
This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
Cisco · Cisco Secure WorkloadPoCs públicas encontradas — 1
githubgithub.com/HORKimhab/CVE-2026-20223★ 0⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →