Cisco has released security updates to fix a critical vulnerability, tracked as CVE-2026-20223, affecting its Cisco Secure Workload platform. The flaw, which received the maximum CVSS score of 10.0, could allow an unauthenticated remote attacker to access sensitive information and make unauthorized configuration changes through vulnerable REST API endpoints.

The company said the issue originates from insufficient validation and authentication checks in internal REST API functions used by Secure Workload. The vulnerability has also been classified under CWE-306, a category associated with missing authentication protections for critical operations.

According to Cisco, “an attacker could expl...