Skip to main content
Regulatory Triage ICT Providers

Cisco

Network & Security

Period: 7d 14d 30d 90d
4
Open CVEs
0
Exploited
0
KEV
4
Unpatched
3
No Workaround
3
Internet-facing

Why this provider is risky now

This provider has 4 open CVE(s) in the last 14 days. 4 have no vendor patch. 3 affect internet-facing services. 1 impact the management/identity plane.

4 Unpatched 1 Mgmt / Admin Plane 3 No Workaround 3 Internet-facing

Top Risky CVEs

CVE-2026-20223
Act Now
Unpatched
Authentication bypass in Cisco Secure Workload allows unauthenticated remote attackers to invoke internal REST API endpoints and act with Site Admin privileges across tenant boundaries. The flaw carries a maximum CVSS 10.0 score with a changed scope and full CIA impact, and no public exploit has been identified at time of analysis. Successful exploitation enables reading sensitive tenant data and modifying configuration globally, making this a critical-priority issue for any organization running affected versions.
Within 24 hours: Inventory all Cisco Secure Workload deployments and versions; disable or restrict network access to internal REST API endpoints from untrusted sources; enable detailed logging of API requests and administrative actions. Within 7 days: Implement network segmentation isolating management interfaces to trusted networks only; deploy API gateway or WAF to enforce additional authentication layers on admin endpoints; conduct access log review for indicators of compromise. Within 30 days: Monitor Cisco security advisories for patch release; establish emergency patching procedure; test patched version in non-production environment; deploy patch to production immediately upon validation.
Edge exposure ICT dependency No patch available Management plane
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-306: Missing Authentication for Critical Function)
  • Third-party ICT: Cisco
  • No patch available
  • Management plane (Missing Authentication for Critical Function)
  • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Cisco (Network & Security)
  • No remediation available
  • Authentication / access control weakness
10.0
CVSS
0.0%
EPSS
50
Priority
CVE-2026-20171
This Month
Unpatched
BGP session flapping denial-of-service in Cisco NX-OS on Nexus 3000 and 9000 Series Switches exposes data-center routing infrastructure to disruption from unauthenticated remote attackers. The flaw resides in the enforce-first-as BGP feature, where incorrect parsing of a transitive BGP attribute causes an affected switch to drop its BGP peer session and enter a flap loop upon receiving a crafted BGP UPDATE message. No active exploitation has been confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis, though the Changed scope in the CVSS vector reflects that the instability can propagate beyond the directly attacked peer, amplifying network-wide impact.
ICT dependency
Why flagged?
6.8
CVSS
0.0%
EPSS
34
Priority
CVE-2026-20206
This Month
Unpatched
Command injection in the BrowserBot component of Cisco ThousandEyes Enterprise Agent (CWE-78) allows authenticated SaaS users with transaction test management privileges to execute arbitrary OS commands inside the BrowserBot container as the unprivileged 'node' user. Exploitation requires valid ThousandEyes SaaS credentials and the ability to manage transaction tests, scoping the realistic threat primarily to insiders and compromised privileged accounts. Cisco has already deployed a remediation server-side; no customer action is required. No public exploit code or CISA KEV listing exists at time of analysis.
Edge exposure ICT dependency
Why flagged?
6.3
CVSS
0.1%
EPSS
32
Priority
CVE-2026-20199
This Month
Unpatched
Remote code execution as root in Cisco ThousandEyes Virtual Appliance is achievable by any authenticated administrator through a crafted SSL certificate upload. The flaw stems from CWE-74 injection in the certificate handling subsystem, where user-supplied certificate data is not adequately sanitized before being processed by the underlying OS. Despite a CVSS score of 4.7 (Medium), the actual post-exploitation impact is severe - root-level OS access - though the PR:H prerequisite substantially constrains the realistic attack surface. No public exploit code or CISA KEV listing has been identified at time of analysis.
Edge exposure ICT dependency
Why flagged?
4.7
CVSS
0.0%
EPSS
24
Priority

By Exposure

Internet-facing
3
Mgmt / Admin Plane
1
Identity / Auth
1
Internal only
1

By Exploitability

Known exploited
0
Public PoC
0
High EPSS (>30%)
0
Remote unauthenticated
2
Local only
0

By Remediation

Patch available
0
No patch
4
Workaround available
1
No workaround
3

Affected Services / Product Families

Cisco
4 CVE(s)
CVE-2026-20171 MEDIUM Unpatched
CVE-2026-20199 MEDIUM Unpatched
CVE-2026-20206 MEDIUM Unpatched
CVE-2026-20223 CRITICAL Unpatched

Recommended Actions

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy