- 145/2026
- Critical
Cisco has released security updates to address several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to conduct denial-of-service attacks, obtain sensitive information, make configuration changes across tenant boundaries with the privileges of the Site Admin user, execute arbitrary code/commands, and gain access to the affected systems.
Sample of addressed vulnerabilities:
1. Cisco Secure Workload Unauthorized API Access Vulnerability (CVE-2026-20223):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Cisco Nexus 3000 and 9000 Series Switches Border Gateway Protocol Denial of Service Vulnerability (CVE-2026-20171):
- CVSS: 6.8
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- Cisco Secure Workload Cluster Software.
- Cisco ThousandEyes Virtual Appliance.
- Cisco ThousandEyes BrowserBot.
- Cisco Nexus 3000 Series and 9000 Series Switches.
Vulnerabilities
- CVE-2026-20223
- CVE-2026-20199
- CVE-2026-20206
- CVE-2026-20171
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.