Description
CVE-2026-33446 is a buffer overflow in the authentication sub-system of
the Secure Access client prior to 14.50. Attackers with control of a
modified server can send a special packet that can overwrite a small
portion of memory conceivably leading to memory corruption or a denial
of service.
Published: 2026-04-30
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow flaw exists in the Secure Access client authentication subsystem before version 14.50. An attacker who can control a modified server can send a specially crafted packet to a client, causing a small portion of memory to be overwritten. This memory corruption can potentially degrade the client’s functionality or result in a denial of service. The description explicitly references memory corruption or denial of service, but does not claim remote code execution, so the primary impact is service disruption.

Affected Systems

This vulnerability affects the Absolute Software Secure Access client for all releases prior to 14.50. Users running any earlier version of the Secure Access client are susceptible to the described buffer overflow.

Risk and Exploitability

The CVSS score of 2.3 indicates a low‑severity issue; the EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote: an attacker must control a server that clients contact, enabling the malicious packet to reach vulnerable clients. Given the lack of publicly available exploit code and the low severity rating, the current risk of exploitation is low, but service interruption remains possible if a malicious server can communicate with the client.

Generated by OpenCVE AI on May 2, 2026 at 00:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Secure Access client to version 14.50 or later to eliminate the buffer overflow flaw.
  • Enforce strict server authenticity checks so clients only accept connections from trusted, signed servers, reducing the likelihood of interacting with a malicious server.
  • Monitor client connections for abnormal traffic patterns and apply network segmentation or firewall rules to restrict access to uncompromised servers.

Generated by OpenCVE AI on May 2, 2026 at 00:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Absolute
Absolute secure Access
Vendors & Products Absolute
Absolute secure Access

Thu, 30 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Description CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service.
Title Buffer overflow in client authentication prior to version 14.50
References
Metrics cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Absolute Secure Access
cve-icon MITRE

Status: PUBLISHED

Assigner: Absolute

Published:

Updated: 2026-04-30T20:11:21.104Z

Reserved: 2026-03-19T23:04:05.695Z

Link: CVE-2026-33446

cve-icon Vulnrichment

Updated: 2026-04-30T20:11:01.900Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-30T20:16:23.813

Modified: 2026-05-01T15:28:29.083

Link: CVE-2026-33446

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T00:30:16Z

Weaknesses