PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-40958 Absolute CVE debrief

CVE-2026-40958 is an input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client. This vulnerability has a CVSS score of 2.3 and a severity of LOW. The vulnerability affects users of Secure Access clients prior to version 14.55. The CVE record was published on 2026-07-15T20:17:00.503Z and has not been modified since then.

Vendor
Absolute
Product
Secure Access
CVSS
LOW 2.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-15
Original CVE updated
2026-07-16
Advisory published
2026-07-15
Advisory updated
2026-07-16

Who should care

Users of Secure Access clients prior to version 14.55 should be aware of this vulnerability and take steps to mitigate it. This includes updating Secure Access clients to version 14.55 or later, restricting access to the tunnel protocol to authorized users only, and monitoring for suspicious activity on the network. The vulnerability has a low severity, but users should still take steps to mitigate it.

Technical summary

The vulnerability is an input validation error in Secure Access clients prior to version 14.55. This error allows attackers with intimate knowledge of and total control over the tunnel protocol to create a non-persistent Denial of Service (DoS) against their client. The vulnerability has a CVSS score of 2.3 and a severity of LOW. The vulnerability affects Secure Access clients prior to version 14.55.

Defensive priority

This vulnerability has a low severity and requires intimate knowledge of and total control over the tunnel protocol to exploit. However, users of Secure Access clients prior to version 14.55 should still take steps to mitigate it, including updating Secure Access clients to version 14.55 or later, restricting access to the tunnel protocol to authorized users only, and monitoring for suspicious activity on the network.

Recommended defensive actions

  • Update Secure Access clients to version 14.55 or later
  • Restrict access to the tunnel protocol to authorized users only
  • Monitor for suspicious activity on the network
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-15T20:17:00.503Z and was last modified on 2026-07-16T02:55:32.807Z. The NVD entry is currently Analyzed. The vulnerability affects Secure Access clients prior to version 14.55. The CVE record was obtained from the NVD database, which is a comprehensive vulnerability database maintained by the US government. The record has not been modified since its publication.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T20:17:00.503Z and has not been modified since then. The NVD entry is currently Analyzed.