CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-20223 — A vulnerability in the access validation of internal REST APIs of Cisco Sec...

·Source: NIST NVD

Updated:

Executive Summary

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a cra

Analysis

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user. CVSS Score: 10. Published: 2026-05-20T17:16:20.400.

Indicators of Compromise (1)

CVE (1)
CVE-2026-20223
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 20, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Mercury raises $200 million

Mercury, a provider of banking services for entrepreneurs and the tech industry, has raised $200 million in a Series D at a $5.2 billion valuation.

Finextra
MEDIUMVulnerability

FTC warns 12 major tech firms of violating Take It Down Act

The law mandates that platforms make it easy for people to ask that nonconsensual intimate images be removed and to delete them within 48 hours of a request.

The Record
MEDIUMVulnerability

Zip and InComm Payments bring instalments to the gift card market

Zip (ASX: ZIP), the digital financial services company offering innovative, people-centered products for everyday Americans, and InComm Payments, a global payments technology company, today announced a partnership that brings installment buying to the gift card category.

Finextra