Absolute: >> Secure Access >> 13.06 Security Vulnerabilities
CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access
server prior to 14.50. Attackers with control of a modified client can
send a specially crafted message to the server and cause a denial of
service
CVSS Score
7.1
EPSS Score
0.001
Published
2026-04-30
CVE-2026-40951 is a memory corruption vulnerability on Secure Access
Windows clients prior to 14.50. Attackers with local control of the
Windows client can send malformed data to an API and trigger a denial of
service.
CVSS Score
6.8
EPSS Score
0.0
Published
2026-04-30
CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access
Windows client prior to 14.50. Attackers with local control of the
Windows client can use it to trigger a denial of service.
CVSS Score
6.8
EPSS Score
0.0
Published
2026-04-30
CVE-2026-33449 is a buffer overflow in a message handling function of
the Secure Access client prior to 14.50. Attackers with control of
a modified server can send a cryptographically valid message to the
client, overwriting a small portion of memory conceivably leading to a
denial of service.
CVSS Score
2.3
EPSS Score
0.001
Published
2026-04-30
CVE-2026-33450 is an out of bounds read vulnerability in the Secure
Access MacOS client prior to 14.50. Attackers with control of a modified
server can send a malformed packet to the client causing a denial of
service.
CVSS Score
2.3
EPSS Score
0.0
Published
2026-04-30
CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure
Access Windows client prior to 14.50. Attackers with local control of
the Windows client can send malformed data to an API and elevate their
level of privilege to system.
CVSS Score
8.5
EPSS Score
0.0
Published
2026-04-30
CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access
Windows client prior to 14.50. Attackers with local control of the
Windows client can use it to ‘blue screen’ the system.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-04-30
CVE-2026-33448 is a format string vulnerability in the logging subsystem
of Secure Access client for MacOS prior to 14.50. Attackers with
control of a modified server can force the client to dump the contents
of a small portion of memory to the log files potentially revealing
secrets.
CVSS Score
4.8
EPSS Score
0.0
Published
2026-04-30
CVE-2026-33446 is a buffer overflow in the authentication sub-system of
the Secure Access client prior to 14.50. Attackers with control of a
modified server can send a special packet that can overwrite a small
portion of memory conceivably leading to memory corruption or a denial
of service.
CVSS Score
2.3
EPSS Score
0.001
Published
2026-04-30
CVE-2026-33447 is a buffer overflow in a message parsing function of the
Secure Access client prior to 14.50. Attackers with control of a
modified server can send a special packet that can overwrite a small
portion of memory conceivably leading to memory corruption or denial of
service.
CVSS Score
2.3
EPSS Score
0.001
Published
2026-04-30
Page 1