CNVD-2026-25126
Vulnerability from cnvd - Published: 2026-06-25
Title
Cisco Secure Workload Access Control Error Vulnerability
Description
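Cisco Secure Workload is software from Cisco (USA) that allows users to install software agents on their application workloads.
Cisco Secure Workload has an access control error vulnerability. It stems from insufficient access validation in internal REST APIs and may allow an unauthenticated remote attacker to access site resources with the privileges of the Site Admin role. An attacker could exploit the vulnerability by sending crafted API requests to an affected endpoint, reading sensitive information and making configuration changes across tenant boundaries with the privileges of the Site Admin role.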
Severity
High
Patch Name
Patch for the Cisco Secure Workload access control error vulnerability
Patch Description
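Cisco Secure Workload is software from Cisco (USA) that allows users to install software agents on their application workloads.
Cisco Secure Workload has an access control error vulnerability. It stems from insufficient access validation in internal REST APIs and may allow an unauthenticated remote attacker to access site resources with the privileges of the Site Admin role. An attacker could exploit the vulnerability by sending crafted API requests to an affected endpoint, reading sensitive information and making configuration changes across tenant boundaries with the privileges of the Site Admin role. The vendor has released a security advisory and related patch information that fixes this vulnerability.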
Formal description
The vendor has released a fix for this vulnerability; please watch for updates: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-20223
Impacted products
| Name | ['Cisco Cisco Secure Workload 2.2.1.41', 'Cisco Cisco Secure Workload 3.2.1.18', 'Cisco Cisco Secure Workload 3.3.2.50', 'Cisco Cisco Secure Workload 3.4.1.28', 'Cisco Cisco Secure Workload 3.4.1.34', 'Cisco Cisco Secure Workload 2.3.1.45', 'Cisco Cisco Secure Workload 2.3.1.41', 'Cisco Cisco Secure Workload 3.3.2.28', 'Cisco Cisco Secure Workload 3.1.1.59', 'Cisco Cisco Secure Workload 2.0.2.20', 'Cisco Cisco Secure Workload 2.1.1.33', 'Cisco Cisco Secure Workload 2.1.1.29', 'Cisco Cisco Secure Workload 3.2.1.28', 'Cisco Cisco Secure Workload 3.4.1.35', 'Cisco Cisco Secure Workload 3.1.1.65', 'Cisco Cisco Secure Workload 3.1.1.67', 'Cisco Cisco Secure Workload 2.0.1.34', 'Cisco Cisco Secure Workload 2.3.1.49', 'Cisco Cisco Secure Workload 2.2.1.39', 'Cisco Cisco Secure Workload 3.4.1.19', 'Cisco Cisco Secure Workload 3.3.2.23', 'Cisco Cisco Secure Workload 3.1.1.61', 'Cisco Cisco Secure Workload 3.1.1.54', 'Cisco Cisco Secure Workload 3.5.1.17', 'Cisco Cisco Secure Workload 3.3.2.33', 'Cisco Cisco Secure Workload 3.5.1.1', 'Cisco Cisco Secure Workload 2.3.1.53', 'Cisco Cisco Secure Workload 3.5.1.20', 'Cisco Cisco Secure Workload 3.5.1.30', 'Cisco Cisco Secure Workload 3.3.2.16', 'Cisco Cisco Secure Workload 3.1.1.55', 'Cisco Cisco Secure Workload 3.4.1.6', 'Cisco Cisco Secure Workload 2.3.1.50', 'Cisco Cisco Secure Workload 2.3.1.52', 'Cisco Cisco Secure Workload 3.2.1.19', 'Cisco Cisco Secure Workload 2.2.1.35', 'Cisco Cisco Secure Workload 3.1.1.53', 'Cisco Cisco Secure Workload 3.1.1.70', 'Cisco Cisco Secure Workload 3.2.1.20', 'Cisco Cisco Secure Workload 3.5.1.2', 'Cisco Cisco Secure Workload 1.103.1.12', 'Cisco Cisco Secure Workload 2.3.1.51', 'Cisco Cisco Secure Workload 3.3.2.42', 'Cisco Cisco Secure Workload 3.4.1.1', 'Cisco Cisco Secure Workload 3.3.2.12', 'Cisco Cisco Secure Workload 2.1.1.31', 'Cisco Cisco Secure Workload 3.5.1.23', 'Cisco Cisco Secure Workload 3.3.2.53', 'Cisco Cisco Secure Workload 3.4.1.14', 'Cisco Cisco Secure Workload 
3.3.2.2', 'Cisco Cisco Secure Workload 3.4.1.20', 'Cisco Cisco Secure Workload 3.3.2.35', 'Cisco Cisco Secure Workload 2.2.1.34', 'Cisco Cisco Secure Workload 1.102.21', 'Cisco Cisco Secure Workload 3.3.2.5', 'Cisco Cisco Secure Workload 3.5.1.31', 'Cisco Cisco Secure Workload 3.6.1.5', 'Cisco Cisco Secure Workload 3.2.1.31', 'Cisco Cisco Secure Workload 3.5.1.37', 'Cisco Cisco Secure Workload 3.4.1.40', 'Cisco Cisco Secure Workload 3.6.1.17', 'Cisco Cisco Secure Workload 3.6.1.21', 'Cisco Cisco Secure Workload 3.2.1.32', 'Cisco Cisco Secure Workload 3.2.1.33', 'Cisco Cisco Secure Workload 3.6.1.35', 'Cisco Cisco Secure Workload 3.6.1.36', 'Cisco Cisco Secure Workload 3.7.1.5', 'Cisco Cisco Secure Workload 3.6.1.47', 'Cisco Cisco Secure Workload 3.7.1.22', 'Cisco Cisco Secure Workload 3.6.1.52', 'Cisco Cisco Secure Workload 3.7.1.39', 'Cisco Cisco Secure Workload 3.8.1.1', 'Cisco Cisco Secure Workload 3.7.1.51', 'Cisco Cisco Secure Workload 3.8.1.19', 'Cisco Cisco Secure Workload 3.8.1.36', 'Cisco Cisco Secure Workload 3.7.1.59', 'Cisco Cisco Secure Workload 3.8.1.39', 'Cisco Cisco Secure Workload 3.9.1.1', 'Cisco Cisco Secure Workload 3.9.1.10', 'Cisco Cisco Secure Workload 3.9.1.24', 'Cisco Cisco Secure Workload 3.9.1.25', 'Cisco Cisco Secure Workload 3.9.1.28', 'Cisco Cisco Secure Workload 3.9.1.38', 'Cisco Cisco Secure Workload 3.8.1.53', 'Cisco Cisco Secure Workload 3.9.1.52', 'Cisco Cisco Secure Workload 3.10.1.1', 'Cisco Cisco Secure Workload 3.9.1.64', 'Cisco Cisco Secure Workload 3.10.2.11', 'Cisco Cisco Secure Workload 3.9.1.66', 'Cisco Cisco Secure Workload 3.10.3.19', 'Cisco Cisco Secure Workload 3.9.1.69', 'Cisco Cisco Secure Workload 3.10.4.8', 'Cisco Cisco Secure Workload 3.10.5.6', 'Cisco Cisco Secure Workload 4.0.1.1', 'Cisco Cisco Secure Workload 4.0.2.4', 'Cisco Cisco Secure Workload 4.0.2.5', 'Cisco Cisco Secure Workload 3.10.6.3', 'Cisco Cisco Secure Workload 3.10.7.4', 'Cisco Cisco Secure Workload 4.0.3.13'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2026-20223",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-20223"
}
},
"description": "Cisco Secure Workload\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u79cd\u5141\u8bb8\u7528\u6237\u5728\u5176\u5e94\u7528\u7a0b\u5e8f\u5de5\u4f5c\u8d1f\u8f7d\u4e0a\u5b89\u88c5\u8f6f\u4ef6\u4ee3\u7406\u7684\u8f6f\u4ef6\u3002\n\nCisco Secure Workload\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5185\u90e8REST API\u7684\u8bbf\u95ee\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u53ef\u80fd\u5bfc\u81f4\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u4ee5Site Admin\u89d2\u8272\u6743\u9650\u8bbf\u95ee\u7ad9\u70b9\u8d44\u6e90\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u7684\u7aef\u70b9\u53d1\u9001\u7279\u5236\u7684API\u8bf7\u6c42\uff0c\u4ee5\u7ad9\u70b9\u7ba1\u7406\u5458\u89d2\u8272\u7684\u6743\u9650\u8bfb\u53d6\u654f\u611f\u4fe1\u606f\u5e76\u8de8\u79df\u6237\u8fb9\u754c\u8fdb\u884c\u914d\u7f6e\u66f4\u6539\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2026-25126",
"openTime": "2026-06-25",
"patchDescription": "Cisco Secure Workload\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u79cd\u5141\u8bb8\u7528\u6237\u5728\u5176\u5e94\u7528\u7a0b\u5e8f\u5de5\u4f5c\u8d1f\u8f7d\u4e0a\u5b89\u88c5\u8f6f\u4ef6\u4ee3\u7406\u7684\u8f6f\u4ef6\u3002\r\n\r\nCisco Secure Workload\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5185\u90e8REST API\u7684\u8bbf\u95ee\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u53ef\u80fd\u5bfc\u81f4\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u4ee5Site Admin\u89d2\u8272\u6743\u9650\u8bbf\u95ee\u7ad9\u70b9\u8d44\u6e90\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u7684\u7aef\u70b9\u53d1\u9001\u7279\u5236\u7684API\u8bf7\u6c42\uff0c\u4ee5\u7ad9\u70b9\u7ba1\u7406\u5458\u89d2\u8272\u7684\u6743\u9650\u8bfb\u53d6\u654f\u611f\u4fe1\u606f\u5e76\u8de8\u79df\u6237\u8fb9\u754c\u8fdb\u884c\u914d\u7f6e\u66f4\u6539\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco Secure Workload\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Cisco Cisco Secure Workload 2.2.1.41",
"Cisco Cisco Secure Workload 3.2.1.18",
"Cisco Cisco Secure Workload 3.3.2.50",
"Cisco Cisco Secure Workload 3.4.1.28",
"Cisco Cisco Secure Workload 3.4.1.34",
"Cisco Cisco Secure Workload 2.3.1.45",
"Cisco Cisco Secure Workload 2.3.1.41",
"Cisco Cisco Secure Workload 3.3.2.28",
"Cisco Cisco Secure Workload 3.1.1.59",
"Cisco Cisco Secure Workload 2.0.2.20",
"Cisco Cisco Secure Workload 2.1.1.33",
"Cisco Cisco Secure Workload 2.1.1.29",
"Cisco Cisco Secure Workload 3.2.1.28",
"Cisco Cisco Secure Workload 3.4.1.35",
"Cisco Cisco Secure Workload 3.1.1.65",
"Cisco Cisco Secure Workload 3.1.1.67",
"Cisco Cisco Secure Workload 2.0.1.34",
"Cisco Cisco Secure Workload 2.3.1.49",
"Cisco Cisco Secure Workload 2.2.1.39",
"Cisco Cisco Secure Workload 3.4.1.19",
"Cisco Cisco Secure Workload 3.3.2.23",
"Cisco Cisco Secure Workload 3.1.1.61",
"Cisco Cisco Secure Workload 3.1.1.54",
"Cisco Cisco Secure Workload 3.5.1.17",
"Cisco Cisco Secure Workload 3.3.2.33",
"Cisco Cisco Secure Workload 3.5.1.1",
"Cisco Cisco Secure Workload 2.3.1.53",
"Cisco Cisco Secure Workload 3.5.1.20",
"Cisco Cisco Secure Workload 3.5.1.30",
"Cisco Cisco Secure Workload 3.3.2.16",
"Cisco Cisco Secure Workload 3.1.1.55",
"Cisco Cisco Secure Workload 3.4.1.6",
"Cisco Cisco Secure Workload 2.3.1.50",
"Cisco Cisco Secure Workload 2.3.1.52",
"Cisco Cisco Secure Workload 3.2.1.19",
"Cisco Cisco Secure Workload 2.2.1.35",
"Cisco Cisco Secure Workload 3.1.1.53",
"Cisco Cisco Secure Workload 3.1.1.70",
"Cisco Cisco Secure Workload 3.2.1.20",
"Cisco Cisco Secure Workload 3.5.1.2",
"Cisco Cisco Secure Workload 1.103.1.12",
"Cisco Cisco Secure Workload 2.3.1.51",
"Cisco Cisco Secure Workload 3.3.2.42",
"Cisco Cisco Secure Workload 3.4.1.1",
"Cisco Cisco Secure Workload 3.3.2.12",
"Cisco Cisco Secure Workload 2.1.1.31",
"Cisco Cisco Secure Workload 3.5.1.23",
"Cisco Cisco Secure Workload 3.3.2.53",
"Cisco Cisco Secure Workload 3.4.1.14",
"Cisco Cisco Secure Workload 3.3.2.2",
"Cisco Cisco Secure Workload 3.4.1.20",
"Cisco Cisco Secure Workload 3.3.2.35",
"Cisco Cisco Secure Workload 2.2.1.34",
"Cisco Cisco Secure Workload 1.102.21",
"Cisco Cisco Secure Workload 3.3.2.5",
"Cisco Cisco Secure Workload 3.5.1.31",
"Cisco Cisco Secure Workload 3.6.1.5",
"Cisco Cisco Secure Workload 3.2.1.31",
"Cisco Cisco Secure Workload 3.5.1.37",
"Cisco Cisco Secure Workload 3.4.1.40",
"Cisco Cisco Secure Workload 3.6.1.17",
"Cisco Cisco Secure Workload 3.6.1.21",
"Cisco Cisco Secure Workload 3.2.1.32",
"Cisco Cisco Secure Workload 3.2.1.33",
"Cisco Cisco Secure Workload 3.6.1.35",
"Cisco Cisco Secure Workload 3.6.1.36",
"Cisco Cisco Secure Workload 3.7.1.5",
"Cisco Cisco Secure Workload 3.6.1.47",
"Cisco Cisco Secure Workload 3.7.1.22",
"Cisco Cisco Secure Workload 3.6.1.52",
"Cisco Cisco Secure Workload 3.7.1.39",
"Cisco Cisco Secure Workload 3.8.1.1",
"Cisco Cisco Secure Workload 3.7.1.51",
"Cisco Cisco Secure Workload 3.8.1.19",
"Cisco Cisco Secure Workload 3.8.1.36",
"Cisco Cisco Secure Workload 3.7.1.59",
"Cisco Cisco Secure Workload 3.8.1.39",
"Cisco Cisco Secure Workload 3.9.1.1",
"Cisco Cisco Secure Workload 3.9.1.10",
"Cisco Cisco Secure Workload 3.9.1.24",
"Cisco Cisco Secure Workload 3.9.1.25",
"Cisco Cisco Secure Workload 3.9.1.28",
"Cisco Cisco Secure Workload 3.9.1.38",
"Cisco Cisco Secure Workload 3.8.1.53",
"Cisco Cisco Secure Workload 3.9.1.52",
"Cisco Cisco Secure Workload 3.10.1.1",
"Cisco Cisco Secure Workload 3.9.1.64",
"Cisco Cisco Secure Workload 3.10.2.11",
"Cisco Cisco Secure Workload 3.9.1.66",
"Cisco Cisco Secure Workload 3.10.3.19",
"Cisco Cisco Secure Workload 3.9.1.69",
"Cisco Cisco Secure Workload 3.10.4.8",
"Cisco Cisco Secure Workload 3.10.5.6",
"Cisco Cisco Secure Workload 4.0.1.1",
"Cisco Cisco Secure Workload 4.0.2.4",
"Cisco Cisco Secure Workload 4.0.2.5",
"Cisco Cisco Secure Workload 3.10.6.3",
"Cisco Cisco Secure Workload 3.10.7.4",
"Cisco Cisco Secure Workload 4.0.3.13"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-20223",
"serverity": "\u9ad8",
"submitTime": "2026-05-21",
"title": "Cisco Secure Workload\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.