India, May 22 -- A critical bug in Cisco Secure Workload is a reminder that the tools used to defend networks can become high-value targets themselves. When a security platform controls workload visibility, segmentation, and policy enforcement, a flaw in its management layer can carry consequences far beyond one vulnerable server.

Cisco has patched CVE-2026-20223, a maximum-severity vulnerability with a CVSS score of 10.0. The issue affects Cisco Secure Workload Cluster Software in both SaaS and on-premises deployments. According to the supplied research brief, the flaw stems from insufficient validation and authentication on REST API endpoints, allowing an unauthenticated remote attacker to send crafted requests to affected systems .

S...