Absolute Secure Access — known CVE vulnerabilities
Every CVE whose affected-product data names Absolute Secure Access, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (39)
CVE-2026-33446 — CVSS 9.8 (critical): CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of…
CVE-2026-33447 — CVSS 9.8 (critical): CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a…
CVE-2025-49084 — CVSS 9.1 (critical): CVE-2025-49084 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative…
CVE-2026-33451 — CVSS 7.8 (high): CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of…
CVE-2025-59595 — CVSS 7.5 (high): CVE-2025-59595 is an internally discovered denial of service vulnerability in versions of Secure Access prior to 14.12. An attacker can…
CVE-2026-33449 — CVSS 7.5 (high): CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a…
CVE-2025-49080 — CVSS 7.5 (high): There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the…
CVE-2026-0517 — CVSS 7.5 (high): CVE-2026-0517 is a denial-of-service vulnerability in versions of Secure Access Server prior to 14.20. An attacker can send a specially…
CVE-2025-49083 — CVSS 7.2 (high): CVE-2025-49083 is a vulnerability in the management console of Absolute Secure Access after version 12.00 and prior to version 13.56…
CVE-2024-37350 — CVSS 6.5 (medium): There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. Attackers can…
CVE-2025-59596 — CVSS 6.5 (medium): CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version…
CVE-2026-40950 — CVSS 6.5 (medium): CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client…
CVE-2025-54088 — CVSS 6.1 (medium): CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect…
CVE-2025-27703 — CVSS 6.0 (medium): CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54…
CVE-2026-40951 — CVSS 5.5 (medium): CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the…
CVE-2026-33450 — CVSS 5.5 (medium): CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a…
CVE-2026-33452 — CVSS 5.5 (medium): CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the…
CVE-2024-37345 — CVSS 5.3 (medium): There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06…
CVE-2024-37346 — CVSS 4.9 (medium): There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with…
CVE-2025-27702 — CVSS 4.9 (medium): CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative…
CVE-2025-49081 — CVSS 4.9 (medium): There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55…
CVE-2024-37343 — CVSS 4.8 (medium): There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06…
CVE-2026-0518 — CVSS 4.8 (medium): CVE-2026-0518 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.20. An attacker with administrative…
CVE-2024-37348 — CVSS 4.5 (medium): There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system…
CVE-2024-37344 — CVSS 4.5 (medium): There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with…
CVE-2024-40873 — CVSS 4.5 (medium): There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07…
CVE-2024-37352 — CVSS 4.5 (medium): There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers…
CVE-2024-37351 — CVSS 4.5 (medium): There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system…
CVE-2024-37349 — CVSS 4.5 (medium): There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system…
CVE-2024-37347 — CVSS 4.5 (medium): There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to…
CVE-2026-40949 — CVSS 4.4 (medium): CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the…
CVE-2025-54085 — CVSS 3.8 (low): CVE-2025-54085 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative…
CVE-2025-27706 — CVSS 3.4 (low): CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54…
CVE-2025-54089 — CVSS 3.4 (low): CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to…
CVE-2026-0519 — CVSS 3.4 (low): In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain…
CVE-2026-33448 — CVSS 3.3 (low): CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with…
CVE-2025-54086 — CVSS 3.3 (low): CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10…
CVE-2025-49082 — CVSS 2.7 (low): CVE-2025-49082 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative…
CVE-2025-54087 — CVSS 2.6 (low): CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative…