First Published: February 24, 2026

Introduction to Cisco Secure Workload, Release 4.0.3.13

This document describes the features, bug fixes, and behavior changes, if any, for the Cisco Secure Workload software patch Release 4.0.3.13. This patch is associated with Cisco Secure Workload software major Release 4.0.1.1. For more information, see Cisco Secure Workload Release Notes, Release 4.0.1.1.


Note

Agents upgrade to this version will fail, unless cluster and agents are running at least 3.10.6.3 version.

Release Information

Release Version: 4.0.3.13

Published Date: February 24, 2026

New Software Features in Cisco Secure Workload, Release 4.0.3.13

Feature Name

Description

Operational Simplicity

Azure–Comprehensive asset visibility including FaaS and PaaS

The Azure connector has been enhanced to discover a broader set of Azure networking and PaaS resources. Previously, the connector discovered only Virtual Machines and their Network Interfaces. With this enhancement, the following resource types are now discovered:

  • Standard load balancers (Standard LB Layer4, Application Gateways)

  • Private link services

  • Private endpoint services

  • Azure SQL servers

  • Azure function applications

You can also create Inventory filters using the system and custom resource tags for visibility and grouping.

For more information, see Azure Connector.

Back up and Restore Network Security Groups Using AWS Connector

The AWS connector now includes the capability to back up and restore your security groups (SGs). The following are the key functionalities:

  • Automatic backup of Security groups

  • Automatic restore of Security groups

For more information, see Back up and Restore Security Groups Using AWS Connector.

Back up and Restore Google Cloud VPC Firewall Rules Using GCP Connector

The GCP connector now includes the capability to back up and restore your Google Cloud VPC Firewall Rules. Note that you will need to enable segmentation to back up Google Cloud VPC firewall rules.

For more information, see Back up and Restore Google Cloud VPC Firewall Rules Using GCP Connector.

Compare Workspace versions

The GET /applications/version_diff endpoint has been introduced to compare workspace versions. The endpoint computes the difference between the policies in two versions of different application workspaces. The path is GET /applications/version_diff.

For more information, see Secure Workload Open API.

AI Policy Suggestions

The AI Suggested Policies now have a drop-down with two options.

  1. Allowed flows that displays the number of policies available.

  2. Rejected flows displays policies that are generated based on the rejected traffic flows.

For information, see AI Policy Suggestions in Secure Workload.

Enhancing User Experience

Global Visualization of Network Traffic Flows

The Global Visualization of Network Traffic Flows feature now supports the following:

  • Expanded Time Intervals: Added Last 6 hours and Last 12 hours options for data analysis, offering greater flexibility in monitoring and trend evaluation.

  • Advanced Filtering: Introduced vulnerability and flow-statistics filters for more precise data segmentation. Enhanced facet filters now support scope, hostname, and address.

  • Uncategorized Inventory Grouping: All uncategorized inventories within a scope are now grouped under a single "Uncategorized" node, simplifying visualization and improving usability.

  • RBAC for Visualization: Role-based access control is now applied to visualizations, ensuring users only see views permitted by their roles.

  • Workspace Links in Side Drawers: Workspace names are now clickable in scope and inventory side drawers, enabling faster navigation and context switching.

  • Flow Statistics Visualization: Added visualization of flow statistics, including flows affected after policy enforcement, for deeper operational insight.

  • Vulnerabilities: Workload vulnerabilities are now displayed directly on the canvas, with detailed vulnerability information available in the workload side drawer.

  • Expanded Flow Data: The flows side drawer now includes process and DNS data, supporting enhanced network investigations.

For more information, see Global Visualization.

Agent Enhancements

Agent Troubleshooting

Agent Troubleshooting Tool is now available for Linux and AIX. For more information, see Agent Troubleshooting Tool.

Enhancements in Cisco Secure Workload, Release 4.0.3.13

  • Secure Workload agents now support Solaris branded zones.

  • Agent upgrade process timeout increased to accommodate low-bandwidth links.

  • You can now connect to private EKS clusters using Secure Connector for secure access.

Changes in Behavior in Cisco Secure Workload Release, 4.0.3.13

  • When a user-defined label key–value pairs for an IP or subnet is updated, the system now treats an empty string value as a delete operation. The key is removed from the labels for that IP or subnet instead of being retained with an empty value.

  • GPG tool is no longer required for agent installation and upgrade on AIX.

Resolved and Open Issues

The resolved and open issues for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about issues and vulnerabilities in this product and other Cisco hardware and software products.

Note: You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, register for an account.

For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.

Resolved Issues

Identifier

Headline
CSCwf43558 Services failures after upgrade with orchestrator dns name not resolvable
CSCwh45794 ADM port and pid mapping is missing for some ports
CSCwk80972 CollectorSSLCheck and collector services failing
CSCwm40398 Multiple packages have been flagged with CVE 2022-1471 in RHEL8.9 system
CSCwn61888 RHEL OS CVEs Inconsistencies report
CSCwn75424 Azure agentless enforcement out-of-band change not being detected
CSCwn90706 Vulnerabilities page shows a backend service error
CSCwn90706 Vulnerabilities page shows a backend service error
CSCwn99675 Installation of threat intelligence datasets rpms is failing
CSCwo11089 Customers would see temporary spikes in escaped flows when running policy analysis.
CSCwo53910 Commissioning of replaced baremetals is failing on postinstall playbook
CSCwp15933 AI Policy Discovery feature under certain workspace the process fails to complete throws an exception
CSCwp28822 Incorrect workload license usage
CSCwp36145 Quick Policy Analysis for Analysed flows provides incorrect policy mapping
CSCwp46016 Global Visualization dashboard does not display results on using filters
CSCwp67461 ENH: Add Minimum Supported TLS Version (1.2) in CSW SaaS User Guide and Implement OpenSSL Version Pre-Check in Agent Installation Script
CSCwp97029 CSW 3.9.1.x : False positive scenario of flow rejection for permitted policies
CSCwq00489 Enforcement not pushed to FMC access control policies
CSCwq02029 Ingest or virtual appliance remaining in pending registration state
CSCwq19946 At times, Quick Policy Analysis fails to provide outcome
CSCwq20873 Intermittent incomplete results using Quick Hypothetical Flow Analysis
CSCwq95807 LVM commands may fail during enforcement on AIX
CSCwq96293 Create alert to notify customer of pending CA refresh on Tenant.
CSCwr21288 Secure Workload Agent Support for Branded Solaris Zones
CSCwr48814 Changing ntp configurations empties out configured ntp servers
CSCwr50866 The option for SLB Config Upload is missing from the GUI
CSCwr89449 Agent doesn't remove flow files when Flow Disk Quota is off and collector connections are lost
CSCwr89903  Memory limiting on Windows TetSen.exe process may not work  
CSCwr97565 ACI In line documentation points to the wrong location
CSCwr97911 CSW SaaS 3.10.5.6 : Windows 3.10.5.6 agents impacted by vulnerability CVE-2024-13176
CSCws02884 PDF Download and PDF send in Reporting page is slow
CSCws05681 Updating domain name in identity connector causing error with user group indexes
CSCws07592  Excessive Lag in Flow Analytical Pipeline can cause HDFS to enter SafeMode 
CSCws12498 Agent installer script fails on Debian/Ubuntu in 4.0.1.1
CSCws12561 CSW: Delayed Policy Push for Short-Lived Pods 
CSCws29332 CSW UI shows unsupported RHCOS under supported platforms for the Linux installer script.
CSCws36492 three-dot menu, which provides the option to download the agent token for disabling service protection, is missing.
CSCws36886 CSW SaaS : vuln_summary.json shows Backend Server Error intermittently
CSCws42421 Flow export getting stopped after a large accumulation of flows in workloads
CSCws43749  FMC connector : Not able to successfully push policy 
CSCws62591 Batchmover/BIDR stops ingesting data into HDFS
CSCws74186 Global Visualization is not displaying Traffic Flows in Taas
CSCwt03136 default external label source failed to support new labels (impacted ACI labels)
CSCwt13501 Prohibited use of TPS Component detected by Corona
CSCwt15155 AIX tet-sensor may crash on processing multiple question DNS query reply
CSCwt19562 CSW agent doesn't properly allow outgoing broadcast and multicast in nftables
CSCwt24780 Agent Upgrade May Timeout Over Slow Connections
CSCwt39084 Show tour option(Help menu) is always visible and not working.

Open Issues

Identifier

Headline
CSCwm30965 Increased DNS Queries to metadata.google.internal from On-Prem Cluster Going to External DNS Server
CSCwm80745 Cisco Vulnerabilities Workloads Multiple selections across pages does not work in the UI
CSCwn73226 User uploaded SSL certs for UI are not honored during upgrade
CSCwn86124 Windows Agent - Missed Packets graph not being populated
CSCwo66813 Upgrade failing with VMMGR_CREATE_VMS_FAILURE
CSCwp95305 Windows Enforcement Agent Does Not Support Multiple Executables Per ANY Policy Rule
CSCwt33164 Reporting: PDF is not getting generated in the schedule PDF

Contact Cisco Technical Assistance Center

If you cannot resolve an issue using the online resources listed above, contact Cisco TAC: