cpe:2.3:a:absolute_software:secure_access:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Absolute Software (f050e623-45f9-5b1b-9377-9fc46147587c)
Product: Secure Access (e3b60e5b-65c5-565c-86bd-9222adb8c30a)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2026-40951 vulnerable 2026-06-03 15:23:35.334288 Memory corruption in Secure Access Windows clients prior to 14.50
CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service.
Published: 2026-04-30T20:22:16.201Z
Updated: 2026-05-01T14:29:48.263Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-40950 vulnerable 2026-06-03 15:23:35.333825 Buffer overflow in the Secure Access server prior to 14.50
CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service.
Published: 2026-04-30T20:19:11.609Z
Updated: 2026-05-01T14:31:19.868Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-40949 vulnerable 2026-06-03 15:23:35.332334 Buffer overflow in Windows clients prior to 14.50
CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service.
Published: 2026-04-30T20:16:19.912Z
Updated: 2026-05-01T14:32:04.114Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-33452 vulnerable 2026-06-03 15:20:44.833649 Buffer overflow in Windows clients prior to 14.50
CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system.
Published: 2026-04-30T20:12:16.166Z
Updated: 2026-05-01T14:30:27.273Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-33451 vulnerable 2026-06-03 15:20:44.833211 Arbitrary read/write vulnerability in Windows clients prior to 14.50
CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.
Published: 2026-04-30T20:08:03.213Z
Updated: 2026-05-01T14:36:19.832Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-33450 vulnerable 2026-06-03 15:20:44.832687 Out of bounds read in Secure Access MacOS clients prior to 14.50
CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service.
Published: 2026-04-30T20:04:14.383Z
Updated: 2026-05-01T14:35:43.451Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-33449 vulnerable 2026-06-03 15:20:44.832396 Message handler buffer overflow in clients prior to 14.50
CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a denial of service.
Published: 2026-04-30T19:52:01.980Z
Updated: 2026-05-01T14:33:13.244Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-33448 vulnerable 2026-06-03 15:20:44.831871 Format string vulnerability in MacOS clients prior to 14.50
CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets.
Published: 2026-04-30T19:47:50.031Z
Updated: 2026-05-01T14:35:03.996Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-33447 vulnerable 2026-06-03 15:20:44.831331 Details available
CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service.
Published: 2026-04-30T19:43:27.437Z
Updated: 2026-05-01T14:32:40.680Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-33446 vulnerable 2026-06-03 15:20:44.829982 Buffer overflow in client authentication prior to version 14.50
CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service.
Published: 2026-04-30T19:36:37.319Z
Updated: 2026-04-30T20:11:21.104Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-40875 vulnerable 2026-06-03 14:56:33.654413 Cross-site scripting vulnerability in the Secure Access administrative console prior to 13.52
There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are high, user interaction required is none. The impact to confidentiality is none, the impact to availability is low, and the impact to system integrity is high.
Published: 2024-12-20T20:17:27.132Z
Updated: 2024-12-24T15:57:03.223Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37352 vulnerable 2026-06-03 14:56:06.381474 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
MEDIUM (4.5)
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the vulnerable page. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.
Published: 2024-06-20T17:28:47.745Z
Updated: 2024-08-02T03:50:56.158Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37351 vulnerable 2026-06-03 14:56:06.381145 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
MEDIUM (4.5)
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same management object. This vulnerability is distinct from CVE-2024-37348 and CVE-2024-37349. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.
Published: 2024-06-20T17:25:09.306Z
Updated: 2024-08-02T03:50:56.092Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37350 vulnerable 2026-06-03 14:56:06.380730 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
MEDIUM (6.5)
There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. Attackers can interfere with a system administrator’s use of the policy management UI when the attacker convinces the victim administrator to follow a crafted link to the vulnerable component while the attacking administrator is authenticated to the console. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.
Published: 2024-06-20T17:18:33.952Z
Updated: 2024-08-02T03:50:56.219Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37349 vulnerable 2026-06-03 14:56:06.380146 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
MEDIUM (4.5)
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the victim administrator edits the same management object. This vulnerability is distinct from CVE-2024-37348 and CVE-2024-37351. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.
Published: 2024-06-20T17:11:52.447Z
Updated: 2024-08-02T03:50:55.914Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37348 vulnerable 2026-06-03 14:56:06.379650 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
MEDIUM (4.5)
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same management object. This vulnerability is distinct from CVE-2024-37349 and CVE-2024-37351. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.
Published: 2024-06-20T17:05:04.866Z
Updated: 2024-08-02T03:50:56.211Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37347 vulnerable 2026-06-03 14:56:06.379254 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
MEDIUM (4.5)
There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.
Published: 2024-06-20T16:56:50.468Z
Updated: 2024-08-02T03:50:55.946Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37346 vulnerable 2026-06-03 14:56:06.378881 Insufficient input validation vulnerability in the Absolute Secure Access Warehouse prior to 13.06
MEDIUM (4.9)
There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high.
Published: 2024-06-20T16:51:37.265Z
Updated: 2024-08-02T03:50:55.993Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37345 vulnerable 2026-06-03 14:56:06.378508 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
MEDIUM (5.3)
There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06. Attackers can pass a limited-length script to the administrative UI which is then stored where an administrator can access it. The scope is unchanged, there is no loss of confidentiality. Impact to system availability is none, impact to system integrity is high.
Published: 2024-06-20T16:45:51.929Z
Updated: 2024-08-02T03:50:56.264Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37344 vulnerable 2026-06-03 14:56:06.378128 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
MEDIUM (4.5)
There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the same policy object. The scope is unchanged, there is no loss of confidentiality. Impact to system availability is none, impact to system integrity is high.
Published: 2024-06-20T16:38:26.256Z
Updated: 2024-08-02T03:50:56.114Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37343 vulnerable 2026-06-03 14:56:06.375744 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
MEDIUM (4.8)
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator using a non-default configuration could click on it while the attacker has a valid tunnel session with the server. The scope is unchanged, there is no loss of confidentiality. Impact to system availability is none, impact to system integrity is high.
Published: 2024-06-20T16:30:21.053Z
Updated: 2024-08-02T03:50:55.892Z
Imported from gcve-enriched-dumps CVE data
