CVE-2026-40958 is an input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client. This vulnerability has a CVSS score of 2.3 and a severity of LOW. The vulnerability affects users of Secure Access clients prior to version 14.55. The CVE record was published on 2026-07-15 [truncated]
CVE-2026-40956 is a memory disclosure vulnerability in Secure Access client versions prior to 14.55. The vulnerability allows attackers with intimate knowledge of and total control over the tunnel protocol to cause a small amount of random memory to leak. This issue has a CVSS score of 2.1, indicating low severity. Users of affected versions should verify their deployments and plan for updates or mitigations.
CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. This vulnerability allows attackers with intimate knowledge of and total control over the tunnel protocol to create a non-persistent Denial of Service (DoS) against their client. The vulnerability has a CVSS score of 2.1 and is classified as LOW severity. Administrators and securit [truncated]
CVE-2026-40953 is a heap overflow vulnerability in the certificate parsing function of Secure Access clients prior to version 14.55. An attacker with local access and administrator permissions can exploit this vulnerability to create a denial of service attack against the client. The vulnerability has a CVSS score of 6.7 and a severity of MEDIUM. The CVE record was published on 2026-07-15T20:16:58.077Z an [truncated]
CVE-2026-40952 is a high-severity privilege misconfiguration vulnerability in the Secure Access installer for Windows client and server prior to version 14.55. Attackers with local access can exploit it to elevate privileges to Administrator when Secure Access is installed in a non-default location. This vulnerability has a significant impact on organizations using Secure Access in non-standard installati [truncated]
A memory management error was found in Secure Access servers prior to version 14.55. This issue allows attackers with intimate knowledge of and total control over the tunnel protocol to create a persistent denial-of-service (DoS) against the server. The vulnerability has a CVSS score of 7.1, indicating a high severity level. Administrators and security teams should be aware of this vulnerability and take [truncated]