Last updated: July 5, 2026 at 9:01 AM UTC
Tag: max-severity (2 articles)

Cisco patches CVSS 10.0 Secure Workload flaw (CVE-2026-20223): unauthenticated REST API access grants Site Admin across tenants

Cisco has patched a maximum-severity flaw, CVE-2026-20223, in the internal REST APIs of Cisco Secure Workload (formerly Tetration), the zero-trust microsegmentation platform used to stop lateral movement in enterprise environments. Insufficient authentication on the affected endpoints lets an unauthenticated remote attacker craft a request that returns sensitive data and modifies configuration with Site Admin privileges across tenant boundaries. Cisco's PSIRT says there is no evidence of in-the-wild exploitation yet and no workaround exists. The on-prem fixed releases are 3.10.8.3 and 4.0.3.17; the SaaS deployment has already been patched. Sites running 3.9 or earlier must migrate to a fixed release.

Check
Inventory Cisco Secure Workload (Tetration) on-prem deployments and their versions. Check whether SaaS is in use (already auto-patched). Review API access logs for unauthenticated calls that succeeded.
Affected
Cisco Secure Workload 3.10.x before 3.10.8.3, 4.0.x before 4.0.3.17, and any 3.9 or earlier release. SaaS deployment already fixed by Cisco. No workaround available.
Fix
Upgrade on-prem to 3.10.8.3 or 4.0.3.17. Sites on 3.9 or earlier must migrate to a fixed release. No workaround - patching is the only option.

Ubiquiti patches three max-severity UniFi OS flaws (CVE-2026-34908/34909/34910) plus two more - ~100K endpoints exposed online

Ubiquiti has shipped patches for five UniFi OS vulnerabilities, three of which are CVSS-maximum and exploitable by remote unauthenticated attackers. CVE-2026-34908 is an improper access control that lets attackers make unauthorized changes; CVE-2026-34909 is a path traversal that reaches an underlying system account; CVE-2026-34910 is an unauthenticated command injection. Two additional flaws (CVE-2026-33000, a critical command injection, and CVE-2026-34911, a high-severity info disclosure) were also patched. All five came through Ubiquiti's HackerOne program. Censys is tracking close to 100,000 internet-exposed UniFi OS endpoints, around 50,000 of them in the US. Ubiquiti products were previously hijacked into the GRU-operated Moobot botnet.

Check
Inventory UniFi OS devices (Dream Machine, Cloud Key, UNVR, UCG) and their firmware versions. Look up your egress IPs in Censys for exposed UniFi web interfaces and management ports.
Affected
All UniFi OS Consoles (Dream Machine, Cloud Key, UNVR, UCG) before the May 22 patches. Roughly 100,000 internet-exposed endpoints worldwide, with about 50,000 in the United States.
Fix
Apply Ubiquiti's UniFi OS updates immediately via the Network app or controller. Move management interfaces off the public internet. Restrict admin access to a management VLAN behind VPN.