Cisco patches critical 10.0 flaw in Secure Workload APIs

May 22, 2026

By Steve Zurier

Cisco on May 20 released patches for a 10.0 vulnerability in the internal application program interfaces (APIs) of its Secure Workload product, Cisco’s zero-trust segmentation platform.

Security pros said teams should pay attention and patch CVE-2026-20223 right away because products such as firewalls, SD-WAN controllers, endpoint management platforms, and zero-trust enforcement tools all sit in the most privileged positions in an enterprise network.

“When they’re the ones that are vulnerable, the blast radius is enormous because every security assumption downstream depends on them,” said Denis Calderone, chief technology officer and principal at Suzu Labs.

As of Friday afternoon, May 22, the Secure Workload bug had not been actively exploited.

Calderone pointed out that all three of Cisco’s CVSS 10.0s are authentication failures. The SD-WAN controller had two separate auth bypass bugs, and now Secure Workload has a 10.0 flaw.

“The product that enforces zero-trust had zero authentication on its own API, that's about as fundamental as it gets,” said Calderone. “This suggests a systemic issue with how Cisco validates access to management APIs and control planes across its product line, and that's exactly the kind of thing that Secure by Design principles are supposed to catch during development. Patch immediately, there are no workarounds on this one.”

Calderone added that the reason we see so many Cisco 10.0 bugs is that the company has an enormous product portfolio: decades of acquisitions bolted together into a sprawling ecosystem that spans routers, firewalls, SD-WAN, workload security, and collaboration.

“The more code you ship, the more bugs are hiding in it,” said Calderone. “But the bigger factor right now is what's happening on the research side.
AI-driven code analysis and automated vulnerability discovery tools are tearing through large codebases at a pace that wasn't possible even two years ago.”

Calderone said we just saw Depthfirst's autonomous system find four memory corruption bugs in NGINX, including an 18-year-old critical flaw, in six hours.

“That same kind of analysis pointed at Cisco's codebase is going to surface things that manual review missed for years,” said Calderone. “Cisco is a prime target for this because the products are high-value, widely deployed, and the attack surface is deep. Three CVSS 10.0s in 2026 alone, all authentication failures, and I'd expect that pace to continue as these tools get better.”

Louis Eichenbaum, Federal CTO at ColorTokens, said CVE-2026-20223 reminds us that we can no longer rely on perimeter defenses and patching alone to protect critical systems. Eichenbaum said vulnerabilities in management planes and internal APIs are especially dangerous because once an attacker gains access, they often inherit broad administrative control.

“Identity-based microsegmentation helps mitigate that risk by ensuring that only explicitly authorized users, workloads, and services can communicate with sensitive APIs and management components in the first place,” said Eichenbaum. “Even if a system is compromised, segmentation can prevent lateral movement, contain the blast radius, and buy defenders valuable time to patch and respond before mission operations are impacted.”

Erica Downs, vice president at MSP group Courser, said when a security platform gets compromised, it’s a reminder that we can’t implicitly trust anything in the environment, including the tools meant to protect it.

“We have to design with an ‘assume breach’ mindset, where segmentation limits impact and keeps an incident from spreading,” said Downs. “It also reinforces that over-centralizing security creates real risk, one failure can quickly become everyone’s problem.
Ultimately, resilient architecture comes down to zero-trust, strong segmentation, and not being overly dependent on any single control point.”