PatchSiren cyber security CVE debrief
CVE-2026-55398 Absolute CVE debrief
CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server. This vulnerability has a CVSS score of 6.9 and a severity of MEDIUM. Users of Secure Access clients and servers prior to version 14.55 should be aware of this vulnerability and take steps to mitigate it.
- Vendor
- Absolute
- Product
- Secure Access
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-15
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-15
- Advisory updated
- 2026-07-16
Who should care
Users of Secure Access clients and servers prior to version 14.55 should be aware of this vulnerability and take steps to mitigate it. This includes administrators, security teams, and operators responsible for the affected systems.
Technical summary
The vulnerability is a memory management issue in Secure Access clients and servers prior to version 14.55. An attacker with intimate knowledge of and total control over the tunnel protocol can create a non-persistent Denial of Service (DoS) against the server. The vulnerability has a CVSS score of 6.9 and a severity of MEDIUM.
Defensive priority
Medium priority due to the potential for a non-persistent DoS attack.
Recommended defensive actions
- Inventory and verify affected Secure Access clients and servers
- Apply vendor-provided patches or updates to version 14.55 or later
- Monitor for suspicious activity related to the tunnel protocol
- Implement compensating controls to detect and prevent DoS attacks
- Review and verify the configuration of affected systems
Evidence notes
The CVE record was published on 2026-07-15T21:16:54.980Z and was last modified on 2026-07-16T16:27:38.407Z. The NVD entry is currently Analyzed. This memory management vulnerability affects Secure Access clients and servers prior to version 14.55, allowing attackers with intimate knowledge of and total control over the tunnel protocol to create a non-persistent Denial of Service (DoS) against the server. Evidence is based on CVE and NVD information.
Official resources
-
CVE-2026-55398 CVE record
CVE.org
-
CVE-2026-55398 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T21:16:54.980Z and has not been modified since then. The NVD entry is currently Analyzed.