Skip to content

Cisco patches critical vulnerability with maximum severity rating in Secure Workload

(Image: Sashkin/Shutterstock.com). Cisco has released an update that closes a security vulnerability with the highest possible risk rating in Secure Workload. The networking equipment manufacturer Cisco [1] has published several updates to patch security vulnerabilities. The most critical one has reached the highest possible risk rating and affects Cisco’s Secure Workload. In Cisco’s security advisory [2], the developers explain that it is a vulnerability in internal REST APIs that allows attackers from the network to access resources with “Site Admin” role privileges without prior authentication (CVE-2026-20223, CVSS 10.0, risk “critical”). Due to insufficient validation and lack of authentication checks, attackers can exploit the vulnerability by sending manipulated API requests to vulnerable endpoints. This allows read access and configuration changes even across tenant boundaries. Cisco does not mention any countermeasures other than the provided updates. Versions 3.10.8.3 as well as 4.0.3.17 and newer of Cisco Secure Workload correct the security-related errors. Those using older versions must migrate to these versions.

Additional security vulnerabilities in Cisco products

Cisco has also issued advisories regarding vulnerabilities in other products. A denial-of-service vulnerability exists in Cisco Nexus Switches [3] of the 3000 and 9000 series, which unauthenticated attackers from the network can trigger by sending manipulated BGP packets (CVE-2026-20171, CVSS 6.8, risk “medium”). Although Cisco states that the vulnerability has not been exploited in the wild, it does provide indicators of compromise (IOC) for successful attacks. In the BrowserBot component of Cisco’s ThousandEyes Enterprise Agent [4], authenticated attackers from the network can execute arbitrary commands on behalf of the BrowserBot “Synthetics Orchestration Process” (CVE-2026-20206, CVSS 6.3, risk “medium”). Cisco appears to have already automatically distributed the update to fix this error; the developers state that customers do not need to take any further action. In the ThousandEyes Virtual Appliance [5], authenticated attackers could also execute arbitrary commands as root on the underlying operating system due to a vulnerability in certificate handling (CVE-2026-20199, CVSS 4.7, risk “medium”). Updating to version 0.262.0 or newer addresses the vulnerability.

IT managers should not delay in applying the updates. Last week, attacks on a critical vulnerability in Cisco’s Catalyst SD-WAN Controllers [6] became known – security vulnerabilities in Cisco’s networking products are highly sought after by cybercriminals.

(dmk [8]).

URL of this article:

https://www.heise.de/-11303363

Links in this article:

https://www.heise.de/thema/Cisco

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgp-iefab-3hb2pwtx

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tebbot-cmdinj-wN3yQ5gn

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tevacert-rce-RMJVEym5

https://www.heise.de/news/Jetzt-patchen-Angreifer-attackieren-Cisco-Catalyst-SD-WAN-Controller-11294491.html

heise security PRO

mailto:dmk@heise.de

Copyright © 2026 Heise Medien

heise security News

Share on: