Description
CVE-2026-33449 is a buffer overflow in a message handling function of
the Secure Access client prior to 14.50. Attackers with control of
a modified server can send a cryptographically valid message to the
client, overwriting a small portion of memory conceivably leading to a
denial of service.
Published: 2026-04-30
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

CVE-2026-33449 describes a buffer overflow in the message handling function of the Secure Access client before version 14.50. An attacker who controls a modified server can send a cryptographically valid message that overwrites a small portion of client memory, which could lead to a denial of service. The vulnerability is a classic memory corruption flaw that may crash the client when an attacker delivers specially crafted packets, though it does not provide a path to arbitrary code execution. Given its low severity score of 2.3, the impact is limited to the stability of the affected client but remains disruptive for users dependent on the service.

Affected Systems

The affected product is Absolute Software Secure Access. Clients running any version prior to 14.50 are vulnerable; the issue does not appear in 14.50 and later releases.

Risk and Exploitability

The CVSS score of 2.3 reflects a low severity risk, and the EPSS score of < 1 % indicates a very low probability of exploitation. The attack vector is inferred to be remote, originating from an attacker‑controlled server that interacts with the client. Because the flaw requires the attacker to supply a valid cryptographic message, deployment may involve a compromised or rogue server, but the lack of public exploitation evidence suggests the risk is primarily theoretical. Nonetheless, any environment where clients connect to untrusted or externally controlled servers should consider the potential for denial of service.

Generated by OpenCVE AI on May 2, 2026 at 08:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Secure Access client to version 14.50 or later.
  • Re‑configure the client (or network) to prevent connections to untrusted or modified servers.
  • Monitor client logs for unexpected terminations or memory corruption events to detect potential exploitation attempts.

Generated by OpenCVE AI on May 2, 2026 at 08:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 08:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Fri, 01 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 01 May 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Absolute
Absolute secure Access
Vendors & Products Absolute
Absolute secure Access

Fri, 01 May 2026 05:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Thu, 30 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a denial of service.
Title Message handler buffer overflow in clients prior to 14.50
References
Metrics cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Absolute Secure Access
cve-icon MITRE

Status: PUBLISHED

Assigner: Absolute

Published:

Updated: 2026-05-01T14:33:13.244Z

Reserved: 2026-03-19T23:04:05.696Z

Link: CVE-2026-33449

cve-icon Vulnrichment

Updated: 2026-05-01T14:33:09.242Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-30T21:16:31.570

Modified: 2026-05-01T15:28:29.083

Link: CVE-2026-33449

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T08:15:16Z

Weaknesses