Description
CVE-2026-33447 is a buffer overflow in a message parsing function of the
Secure Access client prior to 14.50. Attackers with control of a
modified server can send a special packet that can overwrite a small
portion of memory conceivably leading to memory corruption or denial of
service.
Published: 2026-04-30
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow in the message parsing function of the Secure Access client. When a server that has been tampered with sends a specially crafted packet, the client can overwrite a small portion of memory, which may lead to memory corruption or a denial‑of‑service condition. The official description does not state that this flaw enables remote code execution, so it is not confirmed to provide that capability; the impact is limited to client instability and integrity issues.

Affected Systems

The affected product is Absolute Software Secure Access. All versions prior to 14.50 are vulnerable; the exact affected versions are not listed beyond that threshold.

Risk and Exploitability

The CVSS score of 2.3 indicates low severity. The EPSS score of < 1% demonstrates a very low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires an attacker who controls a modified server that clients connect to, meaning the attacker must first compromise or impersonate a legitimate server. The limited scope of the memory overwrite also reduces overall risk, though impacted systems could suffer crashes or integrity issues.

Generated by OpenCVE AI on May 2, 2026 at 12:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Secure Access client to version 14.50 or later.
  • Configure network or application firewalls to block packets from untrusted or modified servers, allowing only known, trusted endpoints.
  • If an upgrade is not possible, isolate or disable the affected component until a patch becomes available.

Generated by OpenCVE AI on May 2, 2026 at 12:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Sat, 02 May 2026 12:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Secure Access Client May Cause Denial of Service

Sat, 02 May 2026 11:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Secure Access Client Causing Memory Corruption
Weaknesses CWE-119

Fri, 01 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 01 May 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Absolute
Absolute secure Access
Vendors & Products Absolute
Absolute secure Access

Fri, 01 May 2026 05:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Secure Access Client Causing Memory Corruption
Weaknesses CWE-119

Thu, 30 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Description CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service.
References
Metrics cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Absolute Secure Access
cve-icon MITRE

Status: PUBLISHED

Assigner: Absolute

Published:

Updated: 2026-05-01T14:32:40.680Z

Reserved: 2026-03-19T23:04:05.695Z

Link: CVE-2026-33447

cve-icon Vulnrichment

Updated: 2026-05-01T14:32:36.218Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T20:16:23.957

Modified: 2026-05-05T02:26:55.637

Link: CVE-2026-33447

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T12:30:27Z

Weaknesses