Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

ID: 9e133ac3-cd08-5d08-ad72-9529e3116b50

STIX ID: report--9e133ac3-cd08-5d08-ad72-9529e3116b50

Feed Name: The Hacker News

Threat Score: 85/100

Date Published: 2026-05-22

Date Updated: 2026-05-22

Author: [email protected] (The Hacker News)

**CVE-2026-20223 (CVSS 10.0): Critical unauthenticated REST API vulnerability in Cisco Secure Workload** — Cisco released fixes for Secure Workload (fixed in 3.10.8.3 and 4.0.3.17) after discovering an API authentication/validation flaw that could let remote, unauthenticated actors read sensitive data and make cross-tenant configuration changes as a Site Admin; no workaround exists and Cisco reports no evidence of active exploitation.