Description
CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service.
Published: 2026-04-30
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

CVE-2026-40950 is a buffer overflow that allows an attacker controlling a modified client to send a specially crafted message to the Secure Access server, causing a denial of service. The overflow is a classic stack‑based overflow condition matching CWE-121 and undermines the availability of the service.

Affected Systems

The vulnerability affects Absolute Software’s Secure Access product in all builds prior to version 14.50. Any system that has not applied the 14.50 update is exploitable.

Risk and Exploitability

The CVSS score of 7.1 reflects a high potential for impact. The EPSS score of 0.00042 indicates a very low probability of exploitation, and the lack of a KEV listing suggests no known public exploits yet. The likely attack vector is a malicious client that injects the crafted packet, so exploitation is most feasible when an attacker can control or impersonate a client session. Because the flaw leads only to a denial of service, it compromises availability but does not provide privilege escalation or data theft.

Generated by OpenCVE AI on May 2, 2026 at 12:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied update to Secure Access 14.50 or later.
  • Restrict access to the Secure Access service to trusted networks or known IP ranges if an update cannot be applied immediately.
  • Monitor network traffic and system logs for abnormal message patterns or repeated failed connection attempts to the service.

Advisories

No advisories yet.

History

Sat, 02 May 2026 11:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Fri, 01 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 May 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Absolute
Absolute secure Access
Vendors & Products Absolute
Absolute secure Access

Fri, 01 May 2026 05:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Thu, 30 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service
Title Buffer overflow in the Secure Access server prior to 14.50
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Absolute

Published:

Updated: 2026-05-01T14:31:19.868Z

Reserved: 2026-04-16T00:19:03.573Z

Link: CVE-2026-40950

Vulnrichment

Updated: 2026-05-01T14:31:12.127Z

NVD

Status: Awaiting Analysis

Published: 2026-04-30T21:16:33.010

Modified: 2026-05-01T15:28:29.083

Link: CVE-2026-40950

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T12:30:27Z

Weaknesses