Max severity Cisco Secure Workload flaw gives Site Admin privileges

Cisco issued a security advisory for CVE-2026-20223, a maximum-severity vulnerability in Secure Workload's internal REST APIs that could let unauthenticated attackers assume Site Admin privileges and perform cross-tenant reads/changes; on-premises fixes are available (e.g., 3.10.8.3, 4.0.3.17) and the cloud SaaS has been remediated, with Cisco reporting no observed exploitation to date.