Security · 1h ago
Cisco Patches Perfect 10 Bug Allowing Unauthenticated Admin Takeover
Cisco released emergency patches for CVE-2026-20223, a CVSS 10.0 authentication bypass in Secure Workload. The flaw lets unauthenticated attackers gain Site Admin privileges via crafted API requests. It affects both SaaS and on-premises deployments with no workarounds available.
Meridian48 take
Another 'perfect 10' Cisco bug this year underscores the challenge of securing complex enterprise platforms, especially when the fix is purely a patch.
Read the full reporting
Cisco Patches CVSS 10.0 Flaw in Secure Workload — Unauthenticated Attackers Could Gain Site Admin via API →
DEV Community
ciscoauthentication-bypass