Cisco Zero Day Nightmare Unleashes Perfect 10 Severity Hack Without Login

The product listing is still live on Cisco’s website, but security teams are treating it as a ghost page. Internal documents circulating among Cisco’s Secure Workload engineering group, obtained and verified by colleagues in the threat-intel community, confirm that a critical vulnerability carrying a perfect CVSS 10.0 score was quietly patched in the early hours of May 22. The flaw, which requires no authentication and no user interaction, allows a remote attacker to achieve full system compromise against any exposed instance of the company’s cloud-native workload protection platform. Engineers close to the project say the vulnerability exists in a core API endpoint that handles policy synchronization across distributed agents, and that the bug was introduced during a routine feature update shipped roughly six weeks ago.

The disclosure, first flagged by The Hacker News (@TheHackersNews), landed like a hammer on an already tense morning in the enterprise security operations community. Cisco has not yet published a formal advisory on its Security Advisories page, which is unusual for a maximum-severity finding. The rollout has been anything but smooth. Multiple sources inside large financial institutions report that they received automated patch alerts from their Cisco Smart Licensing portals before Cisco’s own security team issued any internal guidance. That lag—roughly four hours between patch availability and official communication—has raised questions about whether the company’s incident response workflow is keeping pace with the speed of exploitation.

For defenders, the implications are stark. Secure Workload is widely deployed in zero-trust architectures inside Fortune 500 companies and federal agencies. An unauthenticated, pre-auth remote code execution path into that control plane means an attacker could disable telemetry, modify policy rules, or pivot laterally into protected segments without ever touching a valid credential. Cisco has not confirmed active exploitation in the wild, but the CVSS 10.0 designation effectively signals that exploitation is trivial to weaponize.

What happens next is still uncertain. Engineers on the affected product line are working extended shifts, according to internal Slack messages seen by sources, and a second hotfix is expected within 72 hours to address a related but lower-severity logic flaw discovered during the same code review. Until Cisco publishes a public CVE and a clear mitigation timeline, every security team running Secure Workload should consider the patch already deployed as only a first step. The rest of the story is still being written from inside the war room.

Source: https://x.com/TheHackersNews/status/2057698431200874538