Description
CVE-2026-33450 is an out of bounds read vulnerability in the Secure
Access MacOS client prior to 14.50. Attackers with control of a modified
server can send a malformed packet to the client causing a denial of
service.
Published: 2026-04-30
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds read that allows an attacker with control of a modified server to send a malformed packet to the Secure Access client, causing the client application to terminate unexpectedly. This results in a denial of service for the affected user, but no exposure of sensitive data or further compromise.

Affected Systems

Absolute Software’s Secure Access MacOS client versions earlier than 14.50 are affected. Any installation of the client on macOS that has not been updated to 14.50 or later is vulnerable.

Risk and Exploitability

The CVSS score of 2.3 reflects a low severity impact. The EPSS score of <1% indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attack would require the attacker to control a server communicating with the victim’s client, indicating a network‑based exploit vector inferred from the description.

Generated by OpenCVE AI on May 2, 2026 at 08:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Secure Access MacOS client to version 14.50 or later.
  • Restrict inbound connections to the Secure Access client using firewall or network segmentation to limit exposure to untrusted servers.
  • Monitor system logs and network traffic for malformed packets or unexpected client crashes to detect potential exploitation attempts.

Generated by OpenCVE AI on May 2, 2026 at 08:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 01 May 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Absolute
Absolute secure Access
Vendors & Products Absolute
Absolute secure Access

Thu, 30 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service.
Title Out of bounds read in Secure Access MacOS clients prior to 14.50
References
Metrics cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Absolute Secure Access
cve-icon MITRE

Status: PUBLISHED

Assigner: Absolute

Published:

Updated: 2026-05-01T14:35:43.451Z

Reserved: 2026-03-19T23:04:05.696Z

Link: CVE-2026-33450

cve-icon Vulnrichment

Updated: 2026-05-01T14:35:39.347Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-30T21:16:31.683

Modified: 2026-05-01T15:28:29.083

Link: CVE-2026-33450

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T08:15:16Z

Weaknesses