PatchSiren

Absolute Security CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Absolute Security CVE published 2026-07-15

CVE-2026-40957

CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator. This vulnerability has a CVSS score of 6.1 and is classified as MEDIUM severity. The vulnerability allows attackers to potentially steal credentials from administrators who are t [truncated]

LOW Absolute Security CVE published 2026-07-15

CVE-2026-40955

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. This vulnerability allows attackers with intimate knowledge of and total control over the tunnel protocol to create a non-persistent Denial of Service (DoS) against their client. The vulnerability has a CVSS score of 2.1, indicating a low severity. Users of Secure Access clients pr [truncated]