Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN527
_____________________________________________________________________

DATE                : 20/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Secure Workload,
                   Cisco Nexus 3000 and 9000 Series Switches software,
                   Cisco ThousandEyes Enterprise Agent BrowserBot,
                   Cisco ThousandEyes Virtual Appliance.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2026-May-20.

The following PSIRT security advisories (1 Critical, 3 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco Secure Workload Unauthorized API Access Vulnerability -
SIR: Critical

2) Cisco Nexus 3000 and 9000 Series Switches Border Gateway
Protocol Denial of Service Vulnerability - SIR: Medium

3) Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection
Vulnerability - SIR: Medium

4) Cisco ThousandEyes Virtual Appliance Authenticated Remote Code
Execution Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Secure Workload Unauthorized API Access Vulnerability

CVE-2026-20223

SIR: Critical

CVSS Score v(3.1): 10.0

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy"]

+--------------------------------------------------------------------

2) Cisco Nexus 3000 and 9000 Series Switches Border Gateway Protocol
Denial of Service Vulnerability

CVE-2026-20171

SIR: Medium

CVSS Score v(3.1): 6.8

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgp-iefab-3hb2pwtx ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgp-iefab-3hb2pwtx"]

+--------------------------------------------------------------------

3) Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection
Vulnerability

CVE-2026-20206

SIR: Medium

CVSS Score v(3.1): 6.3

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tebbot-cmdinj-wN3yQ5gn ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tebbot-cmdinj-wN3yQ5gn"]

+--------------------------------------------------------------------

4) Cisco ThousandEyes Virtual Appliance Authenticated Remote Code
Execution Vulnerability

CVE-2026-20199

SIR: Medium

CVSS Score v(3.1): 4.7

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tevacert-rce-RMJVEym5 ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tevacert-rce-RMJVEym5"]

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================