PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55398 Absolute CVE debrief

CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server. This vulnerability has a CVSS score of 6.9 and a severity of MEDIUM. Users of Secure Access clients and servers prior to version 14.55 should be aware of this vulnerability and take steps to mitigate it.

Vendor
Absolute
Product
Secure Access
CVSS
MEDIUM 6.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-15
Original CVE updated
2026-07-16
Advisory published
2026-07-15
Advisory updated
2026-07-16

Who should care

Users of Secure Access clients and servers prior to version 14.55 should be aware of this vulnerability and take steps to mitigate it. This includes administrators, security teams, and operators responsible for the affected systems.

Technical summary

The vulnerability is a memory management issue in Secure Access clients and servers prior to version 14.55. An attacker with intimate knowledge of and total control over the tunnel protocol can create a non-persistent Denial of Service (DoS) against the server. The vulnerability has a CVSS score of 6.9 and a severity of MEDIUM.

Defensive priority

Medium priority due to the potential for a non-persistent DoS attack.

Recommended defensive actions

  • Inventory and verify affected Secure Access clients and servers
  • Apply vendor-provided patches or updates to version 14.55 or later
  • Monitor for suspicious activity related to the tunnel protocol
  • Implement compensating controls to detect and prevent DoS attacks
  • Review and verify the configuration of affected systems

Evidence notes

The CVE record was published on 2026-07-15T21:16:54.980Z and was last modified on 2026-07-16T16:27:38.407Z. The NVD entry is currently Analyzed. This memory management vulnerability affects Secure Access clients and servers prior to version 14.55, allowing attackers with intimate knowledge of and total control over the tunnel protocol to create a non-persistent Denial of Service (DoS) against the server. Evidence is based on CVE and NVD information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T21:16:54.980Z and has not been modified since then. The NVD entry is currently Analyzed.