Description
CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure
Access Windows client prior to 14.50. Attackers with local control of
the Windows client can send malformed data to an API and elevate their
level of privilege to system.
Published: 2026-04-30
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Based on the description, the vulnerability requires an attacker with local control to exploit the Secure Access Windows client. An arbitrary read/write flaw permits sending malformed data to the client’s API, which results in elevation to system privileges. The weakness stems from improper input validation and memory manipulation, leading to full system compromise with complete control over the affected machine.

Affected Systems

Absolute Software Secure Access for Windows clients, versions prior to 14.50.

Risk and Exploitability

The exploit path demands local access; once the client machine is compromised, a malformed API request can elevate privileges to system. The CVSS score of 8.5 indicates high severity, while the EPSS score of <1% and absence from KEV suggest low likelihood of broad exploitation. The local nature of the attack limits reach to insiders or physically compromised devices, but once achieved, the impact is severe.

Generated by OpenCVE AI on May 2, 2026 at 12:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Secure Access client version 14.50 or newer, which contains the patch for CVE‑2026‑33451.
  • Restrict or remove local accounts that have administrative rights on the client machine to reduce the opportunity for local exploitation.
  • Enforce application whitelisting and monitor API traffic for anomalous or malformed requests to detect and block attempts to trigger the vulnerability.

Generated by OpenCVE AI on May 2, 2026 at 12:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 11:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-269
CWE-277

Fri, 01 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 01 May 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Absolute
Absolute secure Access
Vendors & Products Absolute
Absolute secure Access

Fri, 01 May 2026 05:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-269
CWE-277

Thu, 30 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.
Title Arbitrary read/write vulnerability in Windows clients prior to 14.50
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Absolute Secure Access
cve-icon MITRE

Status: PUBLISHED

Assigner: Absolute

Published:

Updated: 2026-05-01T14:36:19.832Z

Reserved: 2026-03-19T23:04:05.696Z

Link: CVE-2026-33451

cve-icon Vulnrichment

Updated: 2026-05-01T14:36:16.170Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-30T21:16:31.800

Modified: 2026-05-01T15:28:29.083

Link: CVE-2026-33451

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T12:30:27Z

Weaknesses