CVE-2026-20223 is a maximum-severity unauthenticated REST API flaw in Cisco Secure Workload that allows any network-accessible attacker to invoke Site Administrator privileges and cross tenant isolation boundaries on on-premises deployments. No workaround exists; organizations on versions 3.9 and earlier have no patch path and must contact Cisco TAC immediately.