Vendor
Absolute
Products
1
CVEs
10
Across products
10
Status
Private
Products
1- 10 CVEs
Recent CVEs
10| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33447 | Cri | 0.64 | 9.8 | 0.00 | Apr 30, 2026 | CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service. | |
| CVE-2026-33446 | Cri | 0.64 | 9.8 | 0.00 | Apr 30, 2026 | CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service. | |
| CVE-2026-33451 | Hig | 0.51 | 7.8 | 0.00 | Apr 30, 2026 | CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system. | |
| CVE-2026-33449 | Hig | 0.49 | 7.5 | 0.00 | Apr 30, 2026 | CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a denial of service. | |
| CVE-2026-40950 | Med | 0.42 | 6.5 | 0.00 | Apr 30, 2026 | CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service | |
| CVE-2026-40951 | Med | 0.36 | 5.5 | 0.00 | Apr 30, 2026 | CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service. | |
| CVE-2026-33452 | Med | 0.36 | 5.5 | 0.00 | Apr 30, 2026 | CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system. | |
| CVE-2026-33450 | Med | 0.36 | 5.5 | 0.00 | Apr 30, 2026 | CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service. | |
| CVE-2026-40949 | Med | 0.29 | 4.4 | 0.00 | Apr 30, 2026 | CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service. | |
| CVE-2026-33448 | Low | 0.21 | 3.3 | 0.00 | Apr 30, 2026 | CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets. |