VulnerabilityBleeping Computer
10.0 — CRITICAL
Max severity Cisco Secure Workload flaw gives Site Admin privileges
Cisco has released security updates to address a maximum-severity vulnerability in Secure Workload that allows attackers to gain Site Admin privileges. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
A maximum-severity vulnerability in Cisco Secure Workload allows unauthenticated attackers to access resources with Site Admin privileges, posing a significant risk to organizations using the software.
⚙️Technical Details
CVEs
CVE-2026-20223CVE-2026-20182
Affected Systems
Cisco Secure WorkloadCisco Catalyst SD-WAN Manager
Attack Vectors
NETWORK
💥Impact Assessment
Severity: CRITICAL
Who Is at Risk
Organizations using Cisco Secure Workload, particularly those with unpatched systems.
🛡️Recommended Actions
1Apply the latest security updates to affected systems as soon as possible.
2Implement additional authentication and validation measures for REST API endpoints.
3Monitor system logs for suspicious activity and investigate any unauthorized access attempts.
📦Affected Products
Cisco Catalyst Sd-Wan ManagerCisco Sd-Wan Vsmart ControllerCisco Secure WorkloadCisco Catalyst SD-WAN Manager
🔐NVD Verified DataVERIFIED
CVE-2026-20223 ↗CVSS 10 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HWeaknesses
CWE-306
CVE-2026-20182 ↗CVSS 10 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HWeaknesses
CWE-287
Affected Products (CPE)
Cisco Catalyst Sd-Wan ManagerCisco Sd-Wan Vsmart Controller
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.