Warning: Critical vulnerability in Cisco Secure Workload, Patch Immediately!

  • Published: 26/05/2026
  • Last update: 22/05/2026
  • Affected software: Cisco Secure Workload
  • Type: Authentication bypass
  • CVE/CVSS: CVE-2026-20223: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

 

Risks

Cisco Secure Workload, formerly known as Cisco Tetration, is a security and analytics platform designed to protect application workloads across any hybrid or multicloud environment.

CVE-2026-20223 is remotely exploitable by an unauthenticated attacker, allowing them to use the API to read sensitive information and make configuration changes with Site Admin privileges. The impact on confidentiality, integrity and availability is high.

Cisco is not aware of any exploitation in the wild.

Description

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.

SaaS deployments are already patched by Cisco; on-prem deployments should be patched as fast as possible. Cisco indicates there are no workarounds that address this vulnerability.

This vulnerability was mitigated following internal discovery by Cisco security teams. The Cisco PSIRT is not aware of any public announcements or malicious use of CVE-2026-20223. Given the low attack complexity and the potentially high impact, future exploitation is anticipated.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends patching vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
 
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.