VDB

GCVE-110-NCSC-2026-167

GCVE-110-NCSC-2026-167
Advisory PublishedCVSS 10.0/10
Vulnetix · Advisory published May 26, 2026
A vulnerability in Cisco Secure Workload's internal REST APIs allows unauthenticated remote attackers to gain Site Admin privileges by exploiting insufficient validation and authentication, risking sensitive data exposure and unauthorized configuration changes.

Weaknesses (CWE)

CWE-306Missing Authentication for Critical Function

Risk Scores

CVSS 3.1
10.0/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
Ciscovers:unknown/*

References

advisory
advisory
advisory

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›