1. Home
  2. Vulnerabilities
  3. CVE-2026-20223
10.0
CRITICAL CVSS 3.1
CVE-2026-20223
Cisco Secure Workload Unauthorized API Access Vulnerability
Overview
Description

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user. 

Details
INFO

Published Date :

May 20, 2026, 5:16 p.m.

Last Modified :

May 20, 2026, 5:30 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Impact
Affected Products

The following products are affected by CVE-2026-20223 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Cisco secure_workload
: Total Affected Vendor : 1 | Products : 1
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL [email protected]
Solution
Address access validation flaws in internal REST APIs to prevent unauthorized access.
  • Update Cisco Secure Workload to the latest version.
  • Implement strict access controls for REST APIs.
  • Validate all user authentication and authorization.
  • Restrict access to sensitive site resources.
Public PoC/Exploit Available at Github

CVE-2026-20223 has a 3 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-20223.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-20223 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-20223 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
HORKimhab/CVE-2026-20223

CVE-2026-20223

Python Shell

Updated: 2 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : May 22, 2026, 6:04 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
elbelicojackson-hue/haking-code-

None

TypeScript Batchfile JavaScript Dockerfile HTML CSS Shell PowerShell Go PLpgSQL

Updated: 2 weeks, 3 days ago
33 stars 6 fork 6 watcher
Born at : May 21, 2026, 1:12 p.m. This repo has been linked 7 different CVEs too.
Profile Photo
nomi-sec/PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 3 days, 13 hours ago
7810 stars 1261 fork 1261 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 718 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-20223 vulnerability anywhere in the article.

  • TheCyberThrone
CISA adds Langflow and Trend Micro Apex One to KEV

May 22, 2026CVE-2025-34291 — Langflow Origin Validation Error (RCE)CVSS: 9.4CWE: CWE-346 — Origin Validation ErrorAffected Versions: Langflow ≤ 1.6.9Vulnerability SummaryResearchers at Obsidian Securi ... Read more

Published Date: May 22, 2026 (2 weeks, 5 days ago)
  • The Cyber Express
Microsoft Patches Actively Exploited Defender Vulnerabilities Affecting Enterprise Systems

Microsoft has confirmed active exploitation of two security vulnerabilities in its security ecosystem, identified as CVE-2026-41091 and CVE-2026-45498, both evaluated under the CVSS scoring system. Th ... Read more

Published Date: May 22, 2026 (2 weeks, 5 days ago)
  • The Cyber Express
Cisco Secure Workload Flaw CVE-2026-20223 Gets Maximum CVSS 10 Rating

Cisco has released security updates to fix a critical vulnerability, tracked as CVE-2026-20223, affecting its Cisco Secure Workload platform. The flaw, which received the maximum CVSS score of 10.0, c ... Read more

Published Date: May 22, 2026 (2 weeks, 6 days ago)
  • The Hacker News
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CV ... Read more

Published Date: May 22, 2026 (2 weeks, 6 days ago)
  • TheCyberThrone
CVE-2026-20223 — Cisco Secure Workload Authentication Bypass

May 22, 2026CVE-2026-20223 is assigned a maximum CVSS base score of 10.0. The vulnerability allows remote, completely unauthenticated threat actors to cross isolated tenant boundaries and gain full co ... Read more

Published Date: May 22, 2026 (2 weeks, 6 days ago)
  • CybersecurityNews
Critical Cisco Secure Workload Vulnerability Enables Unauthorized API Access

Cisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain unauthorized access to sensitive resources via internal APIs. T ... Read more

Published Date: May 21, 2026 (2 weeks, 6 days ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-20223 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    May. 20, 2026

    Action Type Old Value New Value
    Added Description A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user. 
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    Added CWE CWE-306
    Added Reference https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 10.0
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact