Description
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.

This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user. 
Published: 2026-05-20
Score: 10 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the access validation of internal REST APIs allows an unauthenticated remote attacker to impersonate a Site Admin, read sensitive data, and modify configuration across tenant boundaries. The weakness stems from missing authentication checks for high‑privilege API endpoints, enabling attackers to gain full administrative control without legitimate credentials.

Affected Systems

The vulnerability impacts Cisco Secure Workload deployments. Specific product versions are not disclosed, so all Cisco Secure Workload installations that have not yet been remediated are potentially affected.

Risk and Exploitability

With a CVSS score of 10, the risk is at its highest. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that no public exploits have been discovered yet. Attackers can target the exposed REST API endpoints from any network location, and the lack of authentication makes exploitation trivial once the endpoint is reachable.

Generated by OpenCVE AI on May 20, 2026 at 17:22 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch or upgrade to a non‑vulnerable release as soon as it becomes available
  • Limit access to the internal REST API by configuring firewall rules or VPN requirements so only trusted networks can reach the endpoints
  • Enable multi‑factor authentication for API access or enforce strict token rotation to reduce the risk of credential compromise
  • Configure comprehensive logging and real‑time alerts for unauthenticated or anomalous API requests to detect potential exploitation attempts

Advisories

No advisories yet.

History

Wed, 20 May 2026 19:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 20 May 2026 16:45:00 +0000

Values added (no values removed):

Description: A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.
Title: Cisco Secure Workload Unauthorized API Access Vulnerability
Weaknesses: CWE-306
References:
Metrics: cvssV3_1 {'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-05-20T18:32:24.940Z

Reserved: 2025-10-08T11:59:15.399Z

Link: CVE-2026-20223

Vulnrichment

Updated: 2026-05-20T18:32:21.218Z

NVD

Status: Awaiting Analysis

Published: 2026-05-20T17:16:20.400

Modified: 2026-05-20T17:30:40.450

Link: CVE-2026-20223

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T17:30:35Z
