Cisco has patched a maximum-severity flaw, CVE-2026-20223, in the internal REST APIs of Cisco Secure Workload (formerly Tetration), the zero-trust microsegmentation platform used to stop lateral movement in enterprise environments. Insufficient authentication on the affected endpoints lets an unauthenticated remote attacker craft a request that returns sensitive data and modifies configuration with Site Admin privileges across tenant boundaries. Cisco's PSIRT says there is no evidence of in-the-wild exploitation yet and no workaround exists. The on-prem fixed releases are 3.10.8.3 and 4.0.3.17; the SaaS deployment has already been patched. Sites running 3.9 or earlier must migrate to a fixed release.
Ubiquiti has shipped patches for five UniFi OS vulnerabilities, three of which are CVSS-maximum and exploitable by remote unauthenticated attackers. CVE-2026-34908 is an improper access control that lets attackers make unauthorized changes; CVE-2026-34909 is a path traversal that reaches an underlying system account; CVE-2026-34910 is an unauthenticated command injection. Two additional flaws (CVE-2026-33000, a critical command injection, and CVE-2026-34911, a high-severity info disclosure) were also patched. All five came through Ubiquiti's HackerOne program. Censys is tracking close to 100,000 internet-exposed UniFi OS endpoints, around 50,000 of them in the US. Ubiquiti products were previously hijacked into the GRU-operated Moobot botnet.