PatchSiren cyber security CVE debrief
CVE-2026-40958 Absolute CVE debrief
CVE-2026-40958 is an input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client. This vulnerability has a CVSS score of 2.3 and a severity of LOW. The vulnerability affects users of Secure Access clients prior to version 14.55. The CVE record was published on 2026-07-15T20:17:00.503Z and has not been modified since then.
- Vendor
- Absolute
- Product
- Secure Access
- CVSS
- LOW 2.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-15
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-15
- Advisory updated
- 2026-07-16
Who should care
Users of Secure Access clients prior to version 14.55 should be aware of this vulnerability and take steps to mitigate it. This includes updating Secure Access clients to version 14.55 or later, restricting access to the tunnel protocol to authorized users only, and monitoring for suspicious activity on the network. The vulnerability has a low severity, but users should still take steps to mitigate it.
Technical summary
The vulnerability is an input validation error in Secure Access clients prior to version 14.55. This error allows attackers with intimate knowledge of and total control over the tunnel protocol to create a non-persistent Denial of Service (DoS) against their client. The vulnerability has a CVSS score of 2.3 and a severity of LOW. The vulnerability affects Secure Access clients prior to version 14.55.
Defensive priority
This vulnerability has a low severity and requires intimate knowledge of and total control over the tunnel protocol to exploit. However, users of Secure Access clients prior to version 14.55 should still take steps to mitigate it, including updating Secure Access clients to version 14.55 or later, restricting access to the tunnel protocol to authorized users only, and monitoring for suspicious activity on the network.
Recommended defensive actions
- Update Secure Access clients to version 14.55 or later
- Restrict access to the tunnel protocol to authorized users only
- Monitor for suspicious activity on the network
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-15T20:17:00.503Z and was last modified on 2026-07-16T02:55:32.807Z. The NVD entry is currently Analyzed. The vulnerability affects Secure Access clients prior to version 14.55. The CVE record was obtained from the NVD database, which is a comprehensive vulnerability database maintained by the US government. The record has not been modified since its publication.
Official resources
-
CVE-2026-40958 CVE record
CVE.org
-
CVE-2026-40958 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T20:17:00.503Z and has not been modified since then. The NVD entry is currently Analyzed.