Description
CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access
Windows client prior to 14.50. Attackers with local control of the
Windows client can use it to ‘blue screen’ the system.
Published: 2026-04-30
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow in the Absolute Software Secure Access Windows client allows an attacker with local machine control to trigger a failure that causes the system to stop responding and produce a blue screen. The overflow crosses memory‑management boundaries and corrupts critical data structures, leading to a crash that prevents the operating system from continuing to function normally. The effect is limited to disruption of local services; it does not extend to data loss or unauthorized control. The CVSS score of 5.9 reflects its moderate severity and local nature.

Affected Systems

All Windows installations of the Secure Access client at versions earlier than 14.50 are affected. The vulnerability exists in the client component that processes user input and network traffic specific to Secure Access. Users running these older client versions are at risk; newer releases (14.50 and above) contain the fix.

Risk and Exploitability

The score of 5.9 indicates a moderate risk, and the EPSS score of 0.00014 (below 1%) indicates a very low likelihood of exploitation in the wild. The vulnerability is not listed in CISA KEV, suggesting it has not yet been widely exploited. Exploitation requires local user privileges; an attacker would need to execute code on the machine. Once the overflow is triggered, the simplest consequence is a system crash, satisfying an attacker’s objective of causing downtime or forcing a user to reinstall or restore the system.

Generated by OpenCVE AI on May 2, 2026 at 08:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Secure Access Windows client to version 14.50 or later. This patch removes the overflow problem by correcting input validation and bounds checking.
  • If an update cannot be performed immediately, uninstall or disable the vulnerable component of the Secure Access client until a patch is available to mitigate the possibility of a local crash.
  • Restrict local user privileges and remove unnecessary local accounts to reduce the attack surface for any potential local attackers.

Advisories

No advisories yet.

History

Sat, 02 May 2026 08:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Fri, 01 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 May 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Absolute
Absolute secure Access
Vendors & Products Absolute
Absolute secure Access

Fri, 01 May 2026 05:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Thu, 30 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system.
Title Buffer overflow in Windows clients prior to 14.50
References
Metrics cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Absolute

Published:

Updated: 2026-05-01T14:30:27.273Z

Reserved: 2026-03-19T23:04:05.696Z

Link: CVE-2026-33452

Vulnrichment

Updated: 2026-05-01T14:30:23.513Z

NVD

Status: Awaiting Analysis

Published: 2026-04-30T21:16:31.920

Modified: 2026-05-01T15:28:29.083

Link: CVE-2026-33452

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T08:15:16Z

Weaknesses