VYPR

Secure Access

by Absolute

CVEs (44)

  • CVE-2026-33447 · Critical · Apr 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial…

  • CVE-2026-33446 · Critical · Apr 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a…

  • CVE-2024-40872 · High · Jul 25, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the…

  • CVE-2026-33451 · High · Apr 30, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.

  • CVE-2026-33449 · High · Apr 30, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a …

  • CVE-2026-40950 · Medium · Apr 30, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service.

  • CVE-2025-54603 · Medium · Oct 14, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users.

  • CVE-2024-40875 · Medium · Dec 20, 2024
    risk 0.38 · cvss n/a · epss 0.00

    There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second…

  • CVE-2026-40951 · Medium · Apr 30, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service.

  • CVE-2026-33452 · Medium · Apr 30, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system.

  • CVE-2026-33450 · Medium · Apr 30, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    CVE-2026-33450 is an out-of-bounds read vulnerability in the Secure Access macOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client, causing a denial of service.

  • CVE-2025-27705 · Medium · Mar 19, 2025
    risk 0.36 · cvss n/a · epss 0.00

    There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the…

  • CVE-2025-27704 · Medium · Mar 19, 2025
    risk 0.36 · cvss n/a · epss 0.00

    There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the…

  • CVE-2026-40949 · Medium · Apr 30, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service.

  • CVE-2026-33448 · Low · Apr 30, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    CVE-2026-33448 is a format string vulnerability in the logging subsystem of the Secure Access client for macOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files, potentially revealing…

  • CVE-2026-0519 · Jan 17, 2026
    risk 0.00 · cvss n/a · epss 0.00

    In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system.

  • CVE-2026-0518 · Jan 17, 2026
    risk 0.00 · cvss n/a · epss 0.00

    CVE-2026-0518 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.20. An attacker with administrative privileges can interfere with another administrator’s use of the console.

  • CVE-2026-0517 · Jan 17, 2026
    risk 0.00 · cvss n/a · epss 0.00

    CVE-2026-0517 is a denial-of-service vulnerability in versions of Secure Access Server prior to 14.20. An attacker can send a specially crafted packet to a server and cause the server to crash.

  • CVE-2025-59596 · Nov 4, 2025
    risk 0.00 · cvss n/a · epss 0.00

    CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client…

  • CVE-2025-59595 · Nov 4, 2025
    risk 0.00 · cvss n/a · epss 0.00

    CVE-2025-59595 is an internally discovered denial-of-service vulnerability in versions of Secure Access prior to 14.12. An attacker can send a specially crafted packet to a server in a non-default configuration and cause the server to crash.

Page 1 of 3