Cisco has released emergency patches for a maximum-severity vulnerability in its Secure Workload platform — a flaw so severe it earned the rarest designation in vulnerability scoring: a perfect CVSS 10.0. Tracked as CVE-2026-20223, the bug allows an unauthenticated, remote attacker to gain Site Admin privileges by sending specially crafted requests to the platform's REST API, bypassing authentication entirely.
The implications go beyond a single compromised server. Because Secure Workload is designed to manage micro-segmentation policy across entire enterprise environments — both SaaS and on-premises deployments — this flaw could give an attacker cross-tenant access to sensitive data, configuration controls, and workload management functions across an organization's entire infrastructure.
What Is CVE-2026-20223?
The vulnerability stems from insufficient validation and authentication checks on internal REST API endpoints within Cisco Secure Workload. When the platform processes incoming API requests, it fails to properly verify the caller's identity before granting access to privileged operations. An attacker needs only to send a crafted HTTP request to a vulnerable endpoint.
According to Beyond Machines, the flaw enables unauthenticated attackers to gain Site Admin privileges via crafted API calls, with no user interaction required. The Register characterized it as yet another "perfect 10" bug in Cisco's portfolio this year, underscoring the scope of the issue.








