Description
CVE-2026-0517 is a denial-of-service vulnerability in versions of Secure
Access Server prior to 14.20. An attacker can send a specially crafted packet
to a server and cause the server to crash
Published: 2026-01-17
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

CVE-2026-0517 is a denial‑of‑service flaw in Absolute Security Secure Access servers. A malicious actor can send a specially crafted network packet to the server, causing the application to crash and halt service availability. The vulnerability does not affect confidentiality or integrity; its primary impact is to render the server unusable for legitimate users.

Affected Systems

The flaw affects Absolute Security’s Secure Access product in all releases prior to version 14.20. Any deployment of Secure Access Server that has not been upgraded to 14.20 or later is susceptible to this denial‑of‑service condition.

Risk and Exploitability

The CVSS score of 6 classifies the issue as medium severity, while the EPSS score of less than 1% indicates a low but non‑zero likelihood of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. Because the flaw can be triggered by a single network packet, the attack vector is inferred to be remote network access with no authentication required. While exploitation is relatively simple, the lack of widespread public exploitation data suggests an opportunity exists for targeted operators to cause outages.

Generated by OpenCVE AI on April 18, 2026 at 05:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Secure Access to version 14.20 or later to apply the vendor patch
  • If an upgrade is delayed, isolate the affected server from untrusted networks and apply packet‑filtering to block or rate‑limit suspicious inbound traffic
  • Monitor server logs for signs of abnormal crash patterns and consider implementing a graceful restart routine to recover from unexpected crashes

Generated by OpenCVE AI on April 18, 2026 at 05:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 02 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Tue, 20 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 19 Jan 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Absolute
Absolute secure Access
Vendors & Products Absolute
Absolute secure Access

Sat, 17 Jan 2026 01:15:00 +0000

Type Values Removed Values Added
Description CVE-2026-0517 is a denial-of-service vulnerability in versions of Secure Access Server prior to 14.20. An attacker can send a specially crafted packet to a server and cause the server to crash
Title Denial of Service in Secure Access Servers Prior to 14.20.
References
Metrics cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Absolute Secure Access
cve-icon MITRE

Status: PUBLISHED

Assigner: Absolute

Published:

Updated: 2026-01-20T18:34:14.258Z

Reserved: 2025-12-12T17:25:10.814Z

Link: CVE-2026-0517

cve-icon Vulnrichment

Updated: 2026-01-20T18:34:07.894Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-17T01:15:51.030

Modified: 2026-02-02T16:01:42.677

Link: CVE-2026-0517

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T05:45:38Z

Weaknesses