Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    112 vulnerabilities by Absolute

    CVE-2026-55399 (GCVE-0-2026-55399)

    Vulnerability from nvd – Published: 2026-07-15 20:20 – Updated: 2026-07-16 13:07
    VLAI
    Title
    Resource exhaustion vulnerability in the Secure Access publisher
    Summary
    CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55399",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:07:15.653685Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:07:32.872Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-55399 is a resource exhaustion\nvulnerability in the Secure Access publisher prior to 14.55. Attackers with\nvalid credentials to the Secure Access tunnel can create a non-persistent DoS\nagainst the publisher.\u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-55399 is a resource exhaustion\nvulnerability in the Secure Access publisher prior to 14.55. Attackers with\nvalid credentials to the Secure Access tunnel can create a non-persistent DoS\nagainst the publisher."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:20:13.950Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-55399"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Resource exhaustion vulnerability in the Secure Access publisher",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-55399",
        "datePublished": "2026-07-15T20:20:13.950Z",
        "dateReserved": "2026-06-16T21:26:37.698Z",
        "dateUpdated": "2026-07-16T13:07:32.872Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55398 (GCVE-0-2026-55398)

    Vulnerability from nvd – Published: 2026-07-15 20:17 – Updated: 2026-07-16 13:08
    VLAI
    Title
    Memory management vulnerability in Secure Access clients
    Summary
    CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Client)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55398",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:08:23.469391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:08:45.489Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Client"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eCVE-2026-55398\nis a memory management vulnerability in Secure Access clients and servers prior\nto 14.55. Attackers with intimate knowledge of and total control over the\ntunnel protocol can create a non-persistent DoS against the server.\u003c/span\u003e"
                }
              ],
              "value": "CVE-2026-55398\nis a memory management vulnerability in Secure Access clients and servers prior\nto 14.55. Attackers with intimate knowledge of and total control over the\ntunnel protocol can create a non-persistent DoS against the server."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:17:00.166Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-55398"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory management vulnerability in Secure Access clients",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-55398",
        "datePublished": "2026-07-15T20:17:00.166Z",
        "dateReserved": "2026-06-16T21:26:37.698Z",
        "dateUpdated": "2026-07-16T13:08:45.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33445 (GCVE-0-2026-33445)

    Vulnerability from nvd – Published: 2026-07-15 20:13 – Updated: 2026-07-16 13:09
    VLAI
    Title
    Memory management vulnerability in Secure Access servers
    Summary
    CVE-2026-33445 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33445",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:09:21.100503Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:09:35.944Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-33445 is a memory management\nvulnerability in Secure Access servers prior to 14.55. Attackers with an\nintimate knowledge of and total control over the tunnel protocol can create a\npersistent DoS against the server.\u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-33445 is a memory management\nvulnerability in Secure Access servers prior to 14.55. Attackers with an\nintimate knowledge of and total control over the tunnel protocol can create a\npersistent DoS against the server."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:13:55.272Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33445"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory management vulnerability in Secure Access servers",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-33445",
        "datePublished": "2026-07-15T20:13:55.272Z",
        "dateReserved": "2026-03-19T23:04:05.695Z",
        "dateUpdated": "2026-07-16T13:09:35.944Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33444 (GCVE-0-2026-33444)

    Vulnerability from nvd – Published: 2026-07-15 20:10 – Updated: 2026-07-16 13:10
    VLAI
    Title
    Memory management vulnerability in Secure Access servers
    Summary
    CVE-2026-33444 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Secutity Secure Access Affected: 0 , < 14.55 (Server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:09:57.852803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:10:18.013Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Secutity",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-33444 is a memory management\nvulnerability in Secure Access servers prior to 14.55. Attackers with intimate\nknowledge of and total control over the tunnel protocol can create a\nnon-persistent DoS against the server.\u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-33444 is a memory management\nvulnerability in Secure Access servers prior to 14.55. Attackers with intimate\nknowledge of and total control over the tunnel protocol can create a\nnon-persistent DoS against the server."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:10:20.421Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33444"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory management vulnerability in Secure Access servers",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-33444",
        "datePublished": "2026-07-15T20:10:20.421Z",
        "dateReserved": "2026-03-19T23:04:05.695Z",
        "dateUpdated": "2026-07-16T13:10:18.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40958 (GCVE-0-2026-40958)

    Vulnerability from nvd – Published: 2026-07-15 20:02 – Updated: 2026-07-16 13:11
    VLAI
    Title
    Input validation error in Secure Access clients prior to 14.55
    Summary
    CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Client)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40958",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:11:32.690461Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:11:50.471Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Client"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eCVE-2026-40958\nis a input validation error in Secure Access clients prior to 14.55. Attackers\nwith intimate knowledge of and total control over the tunnel protocol can\ncreate a non-persistent DoS against their client.\u003c/span\u003e"
                }
              ],
              "value": "CVE-2026-40958\nis a input validation error in Secure Access clients prior to 14.55. Attackers\nwith intimate knowledge of and total control over the tunnel protocol can\ncreate a non-persistent DoS against their client."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:02:59.125Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40958"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Input validation error in Secure Access clients prior to 14.55",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40958",
        "datePublished": "2026-07-15T20:02:59.125Z",
        "dateReserved": "2026-04-16T00:19:03.574Z",
        "dateUpdated": "2026-07-16T13:11:50.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40957 (GCVE-0-2026-40957)

    Vulnerability from nvd – Published: 2026-07-15 19:59 – Updated: 2026-07-16 13:16
    VLAI
    Title
    Frameable content vulnerability in the Secure Access server login page
    Summary
    o   CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40957",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:16:17.605043Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1021",
                    "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:16:38.543Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003e\u003cspan\u003eo\u003cspan\u003e\u0026nbsp;\u0026nbsp;\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003eCVE-2026-40957 is a frameable content\nvulnerability in the Secure Access server login page prior to 14.55. Attackers\nwith control of a malicious web site could use it to potentially steal\ncredentials from an unwary administrator. \u003c/p\u003e"
                }
              ],
              "value": "o\u00a0\u00a0\nCVE-2026-40957 is a frameable content\nvulnerability in the Secure Access server login page prior to 14.55. Attackers\nwith control of a malicious web site could use it to potentially steal\ncredentials from an unwary administrator."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:59:05.438Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40957"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Frameable content vulnerability in the Secure Access server login page",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40957",
        "datePublished": "2026-07-15T19:59:05.438Z",
        "dateReserved": "2026-04-16T00:19:03.574Z",
        "dateUpdated": "2026-07-16T13:16:38.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40956 (GCVE-0-2026-40956)

    Vulnerability from nvd – Published: 2026-07-15 19:55 – Updated: 2026-07-16 13:12
    VLAI
    Title
    Memory disclosure in Secure Access Clients
    Summary
    CVE-2026-40956 is a memory disclosure vulnerability in Secure Access client versions prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can cause a small amount of random memory to leak.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Client)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:12:21.752569Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:12:35.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Client"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eCVE-2026-40956\nis a memory disclosure vulnerability in Secure Access client versions prior to 14.55.\nAttackers with intimate knowledge of and total control over the tunnel protocol\ncan cause a small amount of random memory to leak.\u003c/span\u003e"
                }
              ],
              "value": "CVE-2026-40956\nis a memory disclosure vulnerability in Secure Access client versions prior to 14.55.\nAttackers with intimate knowledge of and total control over the tunnel protocol\ncan cause a small amount of random memory to leak."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:55:05.678Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40956"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory disclosure in Secure Access Clients",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40956",
        "datePublished": "2026-07-15T19:55:05.678Z",
        "dateReserved": "2026-04-16T00:19:03.574Z",
        "dateUpdated": "2026-07-16T13:12:35.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40955 (GCVE-0-2026-40955)

    Vulnerability from nvd – Published: 2026-07-15 19:50 – Updated: 2026-07-16 13:13
    VLAI
    Title
    Integer underflow vulnerability in Secure Access clients
    Summary
    CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Client)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40955",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:12:55.536574Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-191",
                    "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:13:12.587Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Client"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-40955 is an integer underflow\nvulnerability in the traffic parsing function of Secure Access clients prior to\n14.55. Attackers with intimate knowledge of and total control over the tunnel\nprotocol can create a non-persistent DoS against their client.\u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-40955 is an integer underflow\nvulnerability in the traffic parsing function of Secure Access clients prior to\n14.55. Attackers with intimate knowledge of and total control over the tunnel\nprotocol can create a non-persistent DoS against their client."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:50:55.979Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40955"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Integer underflow vulnerability in Secure Access clients",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40955",
        "datePublished": "2026-07-15T19:50:55.979Z",
        "dateReserved": "2026-04-16T00:19:03.573Z",
        "dateUpdated": "2026-07-16T13:13:12.587Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40954 (GCVE-0-2026-40954)

    Vulnerability from nvd – Published: 2026-07-15 19:44 – Updated: 2026-07-16 13:15
    VLAI
    Title
    Integer underflow in Secure Access clients prior to 14.55
    Summary
    CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Client)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40954",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:14:53.484084Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-191",
                    "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:15:09.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Client"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eCVE-2026-40954\nis an integer underflow vulnerability in the traffic parsing function of Secure\nAccess clients prior to 14.55. Attackers with intimate knowledge of and total\ncontrol over the tunnel protocol can create a non-persistent DoS against their\nclient\u003c/span\u003e"
                }
              ],
              "value": "CVE-2026-40954\nis an integer underflow vulnerability in the traffic parsing function of Secure\nAccess clients prior to 14.55. Attackers with intimate knowledge of and total\ncontrol over the tunnel protocol can create a non-persistent DoS against their\nclient"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:44:47.223Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40954"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Integer underflow in Secure Access clients prior to 14.55",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40954",
        "datePublished": "2026-07-15T19:44:47.223Z",
        "dateReserved": "2026-04-16T00:19:03.573Z",
        "dateUpdated": "2026-07-16T13:15:09.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40953 (GCVE-0-2026-40953)

    Vulnerability from nvd – Published: 2026-07-15 19:40 – Updated: 2026-07-16 13:15
    VLAI
    Title
    Heap overflow in Secure Access clients
    Summary
    CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Client)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:15:31.920768Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:15:46.358Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Client"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-40953 is a heap overflow in the\ncertificate parsing function of Secure Access clients prior to 14.55. Attackers\nwith local access and administrator permissions can create a denial of service\nattack against the client over which they have control. \u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-40953 is a heap overflow in the\ncertificate parsing function of Secure Access clients prior to 14.55. Attackers\nwith local access and administrator permissions can create a denial of service\nattack against the client over which they have control."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:40:50.435Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40953"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Heap overflow in Secure Access clients",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40953",
        "datePublished": "2026-07-15T19:40:50.435Z",
        "dateReserved": "2026-04-16T00:19:03.573Z",
        "dateUpdated": "2026-07-16T13:15:46.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40952 (GCVE-0-2026-40952)

    Vulnerability from nvd – Published: 2026-07-15 19:32 – Updated: 2026-07-16 13:06
    VLAI
    Title
    Privilge misconfiguration in Secure Access installers
    Summary
    CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40952",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:05:54.727165Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:06:21.115Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-40952 is a privilege misconfiguration\nin the Secure Access installer for the Windows client and server prior to\nversion 14.55. Attackers with local access to the client or server can use it\nto elevate privileges to Administrator when Secure Access is installed in a\nnon-default location. \u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-40952 is a privilege misconfiguration\nin the Secure Access installer for the Windows client and server prior to\nversion 14.55. Attackers with local access to the client or server can use it\nto elevate privileges to Administrator when Secure Access is installed in a\nnon-default location."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:32:58.728Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40952"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Privilge misconfiguration in Secure Access installers",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40952",
        "datePublished": "2026-07-15T19:32:58.728Z",
        "dateReserved": "2026-04-16T00:19:03.573Z",
        "dateUpdated": "2026-07-16T13:06:21.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33443 (GCVE-0-2026-33443)

    Vulnerability from nvd – Published: 2026-07-15 20:06 – Updated: 2026-07-16 13:11
    VLAI
    Title
    Memory management error in Secure Access servers prior to 14.55
    Summary
    CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33443",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:10:56.161428Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:11:10.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-33443 is a memory management error in\nSecure Access servers prior to 14.55. Attackers with an intimate knowledge of\nand total control over the tunnel protocol can create a persistent DoS against\nthe server. \u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-33443 is a memory management error in\nSecure Access servers prior to 14.55. Attackers with an intimate knowledge of\nand total control over the tunnel protocol can create a persistent DoS against\nthe server."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:06:30.711Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33443"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory management error in Secure Access servers prior to 14.55",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-33443",
        "datePublished": "2026-07-15T20:06:30.711Z",
        "dateReserved": "2026-03-19T23:04:05.695Z",
        "dateUpdated": "2026-07-16T13:11:10.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40951 (GCVE-0-2026-40951)

    Vulnerability from nvd – Published: 2026-04-30 20:22 – Updated: 2026-05-01 14:29
    VLAI
    Title
    Memory corruption in Secure Access Windows clients prior to 14.50
    Summary
    CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Software Secure Access Affected: 0 , < 14.50 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40951",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-01T14:29:02.301464Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-01T14:29:48.263Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Windows client"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Secure Access",
              "vendor": "Absolute Software",
              "versions": [
                {
                  "lessThan": "14.50",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CVE-2026-40951 is a memory corruption vulnerability on Secure Access \nWindows clients prior to 14.50. Attackers with local control of the \nWindows client can send malformed data to an API and trigger a denial of\n service."
                }
              ],
              "value": "CVE-2026-40951 is a memory corruption vulnerability on Secure Access \nWindows clients prior to 14.50. Attackers with local control of the \nWindows client can send malformed data to an API and trigger a denial of\n service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T20:22:16.201Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40951"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory corruption in Secure Access Windows clients prior to 14.50",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40951",
        "datePublished": "2026-04-30T20:22:16.201Z",
        "dateReserved": "2026-04-16T00:19:03.573Z",
        "dateUpdated": "2026-05-01T14:29:48.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40950 (GCVE-0-2026-40950)

    Vulnerability from nvd – Published: 2026-04-30 20:19 – Updated: 2026-05-01 14:31
    VLAI
    Title
    Buffer overflow in the Secure Access server prior to 14.50
    Summary
    CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Software Secure Access Affected: 0 , < 14.50 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40950",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-01T14:30:52.080810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "CWE-121 Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-01T14:31:19.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Server"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Secure Access",
              "vendor": "Absolute Software",
              "versions": [
                {
                  "lessThan": "14.50",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access \nserver prior to 14.50. Attackers with control of a modified client can \nsend a specially crafted message to the server and cause a denial of \nservice"
                }
              ],
              "value": "CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access \nserver prior to 14.50. Attackers with control of a modified client can \nsend a specially crafted message to the server and cause a denial of \nservice"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T20:19:11.609Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40950"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer overflow in the Secure Access server prior to 14.50",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40950",
        "datePublished": "2026-04-30T20:19:11.609Z",
        "dateReserved": "2026-04-16T00:19:03.573Z",
        "dateUpdated": "2026-05-01T14:31:19.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40949 (GCVE-0-2026-40949)

    Vulnerability from nvd – Published: 2026-04-30 20:16 – Updated: 2026-05-01 14:32
    VLAI
    Title
    Buffer overflow in Windows clients prior to 14.50
    Summary
    CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Software Secure Access Affected: 0 , < 14.50 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40949",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-01T14:31:44.551419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "CWE-121 Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-01T14:32:04.114Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Windows client"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Secure Access",
              "vendor": "Absolute Software",
              "versions": [
                {
                  "lessThan": "14.50",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access \nWindows client prior to 14.50. Attackers with local control of the \nWindows client can use it to trigger a denial of service."
                }
              ],
              "value": "CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access \nWindows client prior to 14.50. Attackers with local control of the \nWindows client can use it to trigger a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T20:16:19.912Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40949"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer overflow in Windows clients prior to 14.50",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40949",
        "datePublished": "2026-04-30T20:16:19.912Z",
        "dateReserved": "2026-04-16T00:19:03.573Z",
        "dateUpdated": "2026-05-01T14:32:04.114Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33452 (GCVE-0-2026-33452)

    Vulnerability from nvd – Published: 2026-04-30 20:12 – Updated: 2026-05-01 14:30
    VLAI
    Title
    Buffer overflow in Windows clients prior to 14.50
    Summary
    CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Software Secure Access Affected: 0 , < 14.50 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33452",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-01T14:30:08.157097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "CWE-121 Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-01T14:30:27.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Windows client"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Secure Access",
              "vendor": "Absolute Software",
              "versions": [
                {
                  "lessThan": "14.50",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access \nWindows client prior to 14.50. Attackers with local control of the \nWindows client can use it to \u2018blue screen\u2019 the system."
                }
              ],
              "value": "CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access \nWindows client prior to 14.50. Attackers with local control of the \nWindows client can use it to \u2018blue screen\u2019 the system."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T20:12:16.166Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33452"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer overflow in Windows clients prior to 14.50",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-33452",
        "datePublished": "2026-04-30T20:12:16.166Z",
        "dateReserved": "2026-03-19T23:04:05.696Z",
        "dateUpdated": "2026-05-01T14:30:27.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33451 (GCVE-0-2026-33451)

    Vulnerability from nvd – Published: 2026-04-30 20:08 – Updated: 2026-05-01 14:36
    VLAI
    Title
    Arbitrary read/write vulnerability in Windows clients prior to 14.50
    Summary
    CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Software Secure Access Affected: 0 , < 14.50 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33451",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-01T14:36:03.654479Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-01T14:36:19.832Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Windows client"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Secure Access",
              "vendor": "Absolute Software",
              "versions": [
                {
                  "lessThan": "14.50",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure \nAccess Windows client prior to 14.50. Attackers with local control of \nthe Windows client can send malformed data to an API and elevate their \nlevel of privilege to system."
                }
              ],
              "value": "CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure \nAccess Windows client prior to 14.50. Attackers with local control of \nthe Windows client can send malformed data to an API and elevate their \nlevel of privilege to system."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T20:08:03.213Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33451"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary read/write vulnerability in Windows clients prior to 14.50",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-33451",
        "datePublished": "2026-04-30T20:08:03.213Z",
        "dateReserved": "2026-03-19T23:04:05.696Z",
        "dateUpdated": "2026-05-01T14:36:19.832Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33450 (GCVE-0-2026-33450)

    Vulnerability from nvd – Published: 2026-04-30 20:04 – Updated: 2026-05-01 14:35
    VLAI
    Title
    Out of bounds read in Secure Access MacOS clients prior to 14.50
    Summary
    CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Software Secure Access Affected: 0 , < 14.50 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33450",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-01T14:35:24.810504Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-01T14:35:43.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Client"
              ],
              "platforms": [
                "MacOS"
              ],
              "product": "Secure Access",
              "vendor": "Absolute Software",
              "versions": [
                {
                  "lessThan": "14.50",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CVE-2026-33450 is an out of bounds read vulnerability in the Secure \nAccess MacOS client prior to 14.50. Attackers with control of a modified\n server can send a malformed packet to the client causing a denial of \nservice. \u0026nbsp;"
                }
              ],
              "value": "CVE-2026-33450 is an out of bounds read vulnerability in the Secure \nAccess MacOS client prior to 14.50. Attackers with control of a modified\n server can send a malformed packet to the client causing a denial of \nservice."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T20:04:14.383Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33450"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out of bounds read in Secure Access MacOS clients prior to 14.50",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-33450",
        "datePublished": "2026-04-30T20:04:14.383Z",
        "dateReserved": "2026-03-19T23:04:05.696Z",
        "dateUpdated": "2026-05-01T14:35:43.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55399 (GCVE-0-2026-55399)

    Vulnerability from cvelistv5 – Published: 2026-07-15 20:20 – Updated: 2026-07-16 13:07
    VLAI
    Title
    Resource exhaustion vulnerability in the Secure Access publisher
    Summary
    CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55399",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:07:15.653685Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:07:32.872Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-55399 is a resource exhaustion\nvulnerability in the Secure Access publisher prior to 14.55. Attackers with\nvalid credentials to the Secure Access tunnel can create a non-persistent DoS\nagainst the publisher.\u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-55399 is a resource exhaustion\nvulnerability in the Secure Access publisher prior to 14.55. Attackers with\nvalid credentials to the Secure Access tunnel can create a non-persistent DoS\nagainst the publisher."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:20:13.950Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-55399"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Resource exhaustion vulnerability in the Secure Access publisher",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-55399",
        "datePublished": "2026-07-15T20:20:13.950Z",
        "dateReserved": "2026-06-16T21:26:37.698Z",
        "dateUpdated": "2026-07-16T13:07:32.872Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55398 (GCVE-0-2026-55398)

    Vulnerability from cvelistv5 – Published: 2026-07-15 20:17 – Updated: 2026-07-16 13:08
    VLAI
    Title
    Memory management vulnerability in Secure Access clients
    Summary
    CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Client)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55398",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:08:23.469391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:08:45.489Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Client"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eCVE-2026-55398\nis a memory management vulnerability in Secure Access clients and servers prior\nto 14.55. Attackers with intimate knowledge of and total control over the\ntunnel protocol can create a non-persistent DoS against the server.\u003c/span\u003e"
                }
              ],
              "value": "CVE-2026-55398\nis a memory management vulnerability in Secure Access clients and servers prior\nto 14.55. Attackers with intimate knowledge of and total control over the\ntunnel protocol can create a non-persistent DoS against the server."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:17:00.166Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-55398"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory management vulnerability in Secure Access clients",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-55398",
        "datePublished": "2026-07-15T20:17:00.166Z",
        "dateReserved": "2026-06-16T21:26:37.698Z",
        "dateUpdated": "2026-07-16T13:08:45.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33445 (GCVE-0-2026-33445)

    Vulnerability from cvelistv5 – Published: 2026-07-15 20:13 – Updated: 2026-07-16 13:09
    VLAI
    Title
    Memory management vulnerability in Secure Access servers
    Summary
    CVE-2026-33445 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33445",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:09:21.100503Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:09:35.944Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-33445 is a memory management\nvulnerability in Secure Access servers prior to 14.55. Attackers with an\nintimate knowledge of and total control over the tunnel protocol can create a\npersistent DoS against the server.\u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-33445 is a memory management\nvulnerability in Secure Access servers prior to 14.55. Attackers with an\nintimate knowledge of and total control over the tunnel protocol can create a\npersistent DoS against the server."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:13:55.272Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33445"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory management vulnerability in Secure Access servers",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-33445",
        "datePublished": "2026-07-15T20:13:55.272Z",
        "dateReserved": "2026-03-19T23:04:05.695Z",
        "dateUpdated": "2026-07-16T13:09:35.944Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33444 (GCVE-0-2026-33444)

    Vulnerability from cvelistv5 – Published: 2026-07-15 20:10 – Updated: 2026-07-16 13:10
    VLAI
    Title
    Memory management vulnerability in Secure Access servers
    Summary
    CVE-2026-33444 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Secutity Secure Access Affected: 0 , < 14.55 (Server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:09:57.852803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:10:18.013Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Secutity",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-33444 is a memory management\nvulnerability in Secure Access servers prior to 14.55. Attackers with intimate\nknowledge of and total control over the tunnel protocol can create a\nnon-persistent DoS against the server.\u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-33444 is a memory management\nvulnerability in Secure Access servers prior to 14.55. Attackers with intimate\nknowledge of and total control over the tunnel protocol can create a\nnon-persistent DoS against the server."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:10:20.421Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33444"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory management vulnerability in Secure Access servers",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-33444",
        "datePublished": "2026-07-15T20:10:20.421Z",
        "dateReserved": "2026-03-19T23:04:05.695Z",
        "dateUpdated": "2026-07-16T13:10:18.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33443 (GCVE-0-2026-33443)

    Vulnerability from cvelistv5 – Published: 2026-07-15 20:06 – Updated: 2026-07-16 13:11
    VLAI
    Title
    Memory management error in Secure Access servers prior to 14.55
    Summary
    CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33443",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:10:56.161428Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:11:10.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-33443 is a memory management error in\nSecure Access servers prior to 14.55. Attackers with an intimate knowledge of\nand total control over the tunnel protocol can create a persistent DoS against\nthe server. \u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-33443 is a memory management error in\nSecure Access servers prior to 14.55. Attackers with an intimate knowledge of\nand total control over the tunnel protocol can create a persistent DoS against\nthe server."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:06:30.711Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33443"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory management error in Secure Access servers prior to 14.55",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-33443",
        "datePublished": "2026-07-15T20:06:30.711Z",
        "dateReserved": "2026-03-19T23:04:05.695Z",
        "dateUpdated": "2026-07-16T13:11:10.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40958 (GCVE-0-2026-40958)

    Vulnerability from cvelistv5 – Published: 2026-07-15 20:02 – Updated: 2026-07-16 13:11
    VLAI
    Title
    Input validation error in Secure Access clients prior to 14.55
    Summary
    CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Client)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40958",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:11:32.690461Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:11:50.471Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Client"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eCVE-2026-40958\nis a input validation error in Secure Access clients prior to 14.55. Attackers\nwith intimate knowledge of and total control over the tunnel protocol can\ncreate a non-persistent DoS against their client.\u003c/span\u003e"
                }
              ],
              "value": "CVE-2026-40958\nis a input validation error in Secure Access clients prior to 14.55. Attackers\nwith intimate knowledge of and total control over the tunnel protocol can\ncreate a non-persistent DoS against their client."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:02:59.125Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40958"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Input validation error in Secure Access clients prior to 14.55",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40958",
        "datePublished": "2026-07-15T20:02:59.125Z",
        "dateReserved": "2026-04-16T00:19:03.574Z",
        "dateUpdated": "2026-07-16T13:11:50.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40957 (GCVE-0-2026-40957)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:59 – Updated: 2026-07-16 13:16
    VLAI
    Title
    Frameable content vulnerability in the Secure Access server login page
    Summary
    o   CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40957",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:16:17.605043Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1021",
                    "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:16:38.543Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003e\u003cspan\u003eo\u003cspan\u003e\u0026nbsp;\u0026nbsp;\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003eCVE-2026-40957 is a frameable content\nvulnerability in the Secure Access server login page prior to 14.55. Attackers\nwith control of a malicious web site could use it to potentially steal\ncredentials from an unwary administrator. \u003c/p\u003e"
                }
              ],
              "value": "o\u00a0\u00a0\nCVE-2026-40957 is a frameable content\nvulnerability in the Secure Access server login page prior to 14.55. Attackers\nwith control of a malicious web site could use it to potentially steal\ncredentials from an unwary administrator."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:59:05.438Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40957"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Frameable content vulnerability in the Secure Access server login page",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40957",
        "datePublished": "2026-07-15T19:59:05.438Z",
        "dateReserved": "2026-04-16T00:19:03.574Z",
        "dateUpdated": "2026-07-16T13:16:38.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40956 (GCVE-0-2026-40956)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:55 – Updated: 2026-07-16 13:12
    VLAI
    Title
    Memory disclosure in Secure Access Clients
    Summary
    CVE-2026-40956 is a memory disclosure vulnerability in Secure Access client versions prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can cause a small amount of random memory to leak.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Client)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:12:21.752569Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:12:35.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Client"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eCVE-2026-40956\nis a memory disclosure vulnerability in Secure Access client versions prior to 14.55.\nAttackers with intimate knowledge of and total control over the tunnel protocol\ncan cause a small amount of random memory to leak.\u003c/span\u003e"
                }
              ],
              "value": "CVE-2026-40956\nis a memory disclosure vulnerability in Secure Access client versions prior to 14.55.\nAttackers with intimate knowledge of and total control over the tunnel protocol\ncan cause a small amount of random memory to leak."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:55:05.678Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40956"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory disclosure in Secure Access Clients",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40956",
        "datePublished": "2026-07-15T19:55:05.678Z",
        "dateReserved": "2026-04-16T00:19:03.574Z",
        "dateUpdated": "2026-07-16T13:12:35.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40955 (GCVE-0-2026-40955)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:50 – Updated: 2026-07-16 13:13
    VLAI
    Title
    Integer underflow vulnerability in Secure Access clients
    Summary
    CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Client)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40955",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:12:55.536574Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-191",
                    "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:13:12.587Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Client"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-40955 is an integer underflow\nvulnerability in the traffic parsing function of Secure Access clients prior to\n14.55. Attackers with intimate knowledge of and total control over the tunnel\nprotocol can create a non-persistent DoS against their client.\u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-40955 is an integer underflow\nvulnerability in the traffic parsing function of Secure Access clients prior to\n14.55. Attackers with intimate knowledge of and total control over the tunnel\nprotocol can create a non-persistent DoS against their client."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:50:55.979Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40955"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Integer underflow vulnerability in Secure Access clients",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40955",
        "datePublished": "2026-07-15T19:50:55.979Z",
        "dateReserved": "2026-04-16T00:19:03.573Z",
        "dateUpdated": "2026-07-16T13:13:12.587Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40954 (GCVE-0-2026-40954)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:44 – Updated: 2026-07-16 13:15
    VLAI
    Title
    Integer underflow in Secure Access clients prior to 14.55
    Summary
    CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Client)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40954",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:14:53.484084Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-191",
                    "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:15:09.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Client"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eCVE-2026-40954\nis an integer underflow vulnerability in the traffic parsing function of Secure\nAccess clients prior to 14.55. Attackers with intimate knowledge of and total\ncontrol over the tunnel protocol can create a non-persistent DoS against their\nclient\u003c/span\u003e"
                }
              ],
              "value": "CVE-2026-40954\nis an integer underflow vulnerability in the traffic parsing function of Secure\nAccess clients prior to 14.55. Attackers with intimate knowledge of and total\ncontrol over the tunnel protocol can create a non-persistent DoS against their\nclient"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:44:47.223Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40954"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Integer underflow in Secure Access clients prior to 14.55",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40954",
        "datePublished": "2026-07-15T19:44:47.223Z",
        "dateReserved": "2026-04-16T00:19:03.573Z",
        "dateUpdated": "2026-07-16T13:15:09.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40953 (GCVE-0-2026-40953)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:40 – Updated: 2026-07-16 13:15
    VLAI
    Title
    Heap overflow in Secure Access clients
    Summary
    CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (Client)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:15:31.920768Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:15:46.358Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Client"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-40953 is a heap overflow in the\ncertificate parsing function of Secure Access clients prior to 14.55. Attackers\nwith local access and administrator permissions can create a denial of service\nattack against the client over which they have control. \u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-40953 is a heap overflow in the\ncertificate parsing function of Secure Access clients prior to 14.55. Attackers\nwith local access and administrator permissions can create a denial of service\nattack against the client over which they have control."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:40:50.435Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40953"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Heap overflow in Secure Access clients",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40953",
        "datePublished": "2026-07-15T19:40:50.435Z",
        "dateReserved": "2026-04-16T00:19:03.573Z",
        "dateUpdated": "2026-07-16T13:15:46.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40952 (GCVE-0-2026-40952)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:32 – Updated: 2026-07-16 13:06
    VLAI
    Title
    Privilge misconfiguration in Secure Access installers
    Summary
    CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Absolute Security Secure Access Affected: 0 , < 14.55 (server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40952",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:05:54.727165Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:06:21.115Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Secure Access",
              "vendor": "Absolute Security",
              "versions": [
                {
                  "lessThan": "14.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCVE-2026-40952 is a privilege misconfiguration\nin the Secure Access installer for the Windows client and server prior to\nversion 14.55. Attackers with local access to the client or server can use it\nto elevate privileges to Administrator when Secure Access is installed in a\nnon-default location. \u003c/p\u003e"
                }
              ],
              "value": "CVE-2026-40952 is a privilege misconfiguration\nin the Secure Access installer for the Windows client and server prior to\nversion 14.55. Attackers with local access to the client or server can use it\nto elevate privileges to Administrator when Secure Access is installed in a\nnon-default location."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:32:58.728Z",
            "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
            "shortName": "Absolute"
          },
          "references": [
            {
              "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40952"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Privilge misconfiguration in Secure Access installers",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "assignerShortName": "Absolute",
        "cveId": "CVE-2026-40952",
        "datePublished": "2026-07-15T19:32:58.728Z",
        "dateReserved": "2026-04-16T00:19:03.573Z",
        "dateUpdated": "2026-07-16T13:06:21.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }