Absolute CVEs & Vulnerabilities

10 CVEs affecting Absolute products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

secure access 10
CVE-2026-40951MEDIUM

CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service.

1 May 2026
5.5
CVSS
CVE-2026-40950MEDIUM

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service

1 May 2026
6.5
CVSS
CVE-2026-40949MEDIUM

CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service.

1 May 2026
4.4
CVSS
CVE-2026-33452MEDIUM

CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system.

1 May 2026
5.5
CVSS
CVE-2026-33451HIGH

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.

1 May 2026
7.8
CVSS
CVE-2026-33450MEDIUM

CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service.

1 May 2026
5.5
CVSS
CVE-2026-33449HIGH

CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a denial of service.

1 May 2026
7.5
CVSS
CVE-2026-33448LOW

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets.

30 Apr 2026
3.3
CVSS
CVE-2026-33447CRITICAL

CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service.

30 Apr 2026
9.8
CVSS
CVE-2026-33446CRITICAL

CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service.

30 Apr 2026
9.8
CVSS
← PrevPage 1 / 1Next →