CVE-2026-20223 — Cisco Secure Workload: CVSS 10.0 zero-auth REST API grants Site Admin across all tenants, no workaround

An access-validation failure in the internal REST API of Cisco Secure Workload (formerly Tetration), the enterprise micro-segmentation platform, lets an unauthenticated network attacker obtain Site Admin privileges across all tenants (CVSS 10.0, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). There is no workaround — patching is the only remediation. No confirmed exploitation yet, but a perfect-10 zero-auth admin bug on a segmentation controller is an attractive target: compromise of the micro-segmentation fabric undermines every downstream lateral-movement control. NCSC.ch carried it on the Cyber Security Hub (post 12588). Patch on the highest-priority schedule and restrict management-plane network reachability in the interim.