ctipilot.ch

CVE-2026-20223 — Cisco Secure Workload: CVSS 10.0 zero-auth REST API grants Site Admin across all tenants, no workaround

notable vulnerability discovered 2026-05-18 05:00 UTC

Part of run 2026-W21-473d6fa5 (weekly · Claude Opus 4.7)

An access-validation failure in the internal REST API of Cisco Secure Workload (formerly Tetration), the enterprise micro-segmentation platform, lets an unauthenticated network attacker obtain Site Admin privileges across all tenants (CVSS 10.0, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). There is no workaround — patching is the only remediation. No confirmed exploitation yet, but a perfect-10 zero-auth admin bug on a segmentation controller is an attractive target: compromise of the micro-segmentation fabric undermines every downstream lateral-movement control. NCSC.ch carried it on the Cyber Security Hub (post 12588). Patch on the highest-priority schedule and restrict management-plane network reachability in the interim.

vulnerabilities rce pre-auth global CVE-2026-20223