PatchSiren

Absolute CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW Absolute CVE published 2026-07-15

CVE-2026-40958

CVE-2026-40958 is an input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client. This vulnerability has a CVSS score of 2.3 and a severity of LOW. The vulnerability affects users of Secure Access clients prior to version 14.55. The CVE record was published on 2026-07-15 [truncated]

LOW Absolute CVE published 2026-07-15

CVE-2026-40956

CVE-2026-40956 is a memory disclosure vulnerability in Secure Access client versions prior to 14.55. The vulnerability allows attackers with intimate knowledge of and total control over the tunnel protocol to cause a small amount of random memory to leak. This issue has a CVSS score of 2.1, indicating low severity. Users of affected versions should verify their deployments and plan for updates or mitigations.

LOW Absolute CVE published 2026-07-15

CVE-2026-40954

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. This vulnerability allows attackers with intimate knowledge of and total control over the tunnel protocol to create a non-persistent Denial of Service (DoS) against their client. The vulnerability has a CVSS score of 2.1 and is classified as LOW severity. Administrators and securit [truncated]

MEDIUM Absolute CVE published 2026-07-15

CVE-2026-40953

CVE-2026-40953 is a heap overflow vulnerability in the certificate parsing function of Secure Access clients prior to version 14.55. An attacker with local access and administrator permissions can exploit this vulnerability to create a denial of service attack against the client. The vulnerability has a CVSS score of 6.7 and a severity of MEDIUM. The CVE record was published on 2026-07-15T20:16:58.077Z an [truncated]

HIGH Absolute CVE published 2026-07-15

CVE-2026-40952

CVE-2026-40952 is a high-severity privilege misconfiguration vulnerability in the Secure Access installer for Windows client and server prior to version 14.55. Attackers with local access can exploit it to elevate privileges to Administrator when Secure Access is installed in a non-default location. This vulnerability has a significant impact on organizations using Secure Access in non-standard installati [truncated]

HIGH Absolute CVE published 2026-07-15

CVE-2026-33443

A memory management error was found in Secure Access servers prior to version 14.55. This issue allows attackers with intimate knowledge of and total control over the tunnel protocol to create a persistent denial-of-service (DoS) against the server. The vulnerability has a CVSS score of 7.1, indicating a high severity level. Administrators and security teams should be aware of this vulnerability and take [truncated]