SecureAge CatchPulse IOCTL saappctl.sys information disclosure_CVE-2026-11459

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-11459

Source VulDB

Published Jun 7, 2026 at 08:15

Affected Product

Vendor SecureAge

Product CatchPulse

Version 10.9.0

Affected Versions SecureAge CatchPulse 10.9.0
SecureAge CatchPulse 10.9.1

CWE Classification

CWE-200 CWE-284

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-06-07T08:15:17.193Z",
    "modified": "2026-06-07T08:15:17.193Z",
    "type": "cve",
    "title": "SecureAge CatchPulse IOCTL saappctl.sys information disclosure",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369078\nhttps://vuldb.com/vuln/369078/cti\nhttps://vuldb.com/cve/CVE-2026-11459\nhttps://vuldb.com/submit/829131\nhttps://vandalsuidaho-my.sharepoint.com/:w:/g/personal/higg2059_vandals_uidaho_edu/IQBo2bcYM-FJTpon1vC0En0vAS3OerOp4Nf0EeZIU4u9mgY?e=XAT64X",
    "id": "CVE-2026-11459",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "SecureAge CatchPulse 10.9.0\nSecureAge CatchPulse 10.9.1",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CatchPulse",
    "version": "10.9.0",
    "vendor": "SecureAge",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}