CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Description (NVD)
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.
This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.
Analysis (AI)
Authentication bypass in Cisco Secure Workload allows unauthenticated remote attackers to invoke internal REST API endpoints and act with Site Admin privileges across tenant boundaries. The flaw carries a maximum CVSS 10.0 score with a changed scope and full CIA impact, and no public exploit has been identified at time of analysis. …
Remediation (AI)
Within 24 hours: Inventory all Cisco Secure Workload deployments and versions; disable or restrict network access to internal REST API endpoints from untrusted sources; enable detailed logging of API requests and administrative actions. Within 7 days: Implement network segmentation isolating management interfaces to trusted networks only; deploy an API gateway or WAF to enforce additional authentication layers on admin endpoints; conduct an access log review for indicators of compromise. …
EUVD-2026-31131
GHSA-p3hw-qj46-c684