Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints. "An attacker could exploit this vulnerability if they are able to send

The article reports a critical CVE-2026-20223 vulnerability (CVSS 10.0) in Cisco Secure Workload’s internal REST APIs that allows an unauthenticated remote attacker to send crafted API requests to read sensitive data and modify configurations across tenant boundaries with Site Admin privileges on both SaaS and on‑prem deployments.[1][2][3][5] Cisco states there are no workarounds and customers must upgrade to fixed versions (3.10.8.3 or 4.0.3.17, or migrate from 3.9 and earlier) and that the flaw was found internally with no evidence of active exploitation yet.[1][2][3][5] From a CyberSE.AI perspective, any AI or data-processing agents integrated with Secure Workload APIs (for observability, policy automation, or remediation workflows) could be abused as a powerful data exfiltration and cross-tenant configuration channel if the underlying platform APIs are compromised, so organizations should: (1) rapidly patch or migrate, (2) restrict and monitor AI/automation access to high-privilege infrastructure APIs, and (3) include similar API-level privilege-bypass scenarios in continuous AI red teaming and supply-chain risk assessments.