Arbitrary read/write vulnerability in Windows clients prior to 14.50

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure
Access Windows client prior to 14.50. Attackers with local control of
the Windows client can send malformed data to an API and elevate their
level of privilege to system.

AI Analysis

Arbitrary read/write vulnerability allowing attackers to elevate privileges to system level

Basic Information

ID CVE-2026-33451

Source Absolute

Published Apr 30, 2026 at 20:08

Affected Product

Vendor Absolute Software

Product Secure Access

Affected Versions Absolute Software Secure Access 0

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Absolute Software

Product Secure Access

Version prior to 14.50

References

www.absolute.com /platform/security-information/vulnerability-archive/cve-2026-33451

{
    "lastseen": "",
    "description": "CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure \nAccess Windows client prior to 14.50. Attackers with local control of \nthe Windows client can send malformed data to an API and elevate their \nlevel of privilege to system.",
    "published": "2026-04-30T20:08:03.213Z",
    "modified": "2026-04-30T20:08:03.213Z",
    "type": "cve",
    "title": "Arbitrary read/write vulnerability in Windows clients prior to 14.50",
    "source": "Absolute",
    "references": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33451",
    "id": "CVE-2026-33451",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Absolute Software Secure Access 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Secure Access",
    "version": "0",
    "vendor": "Absolute Software",
    "ai_description": "Arbitrary read/write vulnerability allowing attackers to elevate privileges to system level",
    "ai_severity": "High",
    "ai_vendor": "Absolute Software",
    "ai_product": "Secure Access",
    "ai_version": "prior to 14.50",
    "ai_score": 8.5
}

Arbitrary read/write vulnerability in Windows clients prior to 14.50_CVE-2026-33451