Skip to content
CVSS 7.8 · HIGH

CVE-2026-33451

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.

Ver en NVD

Análisis

Absolute Secure Access (formerly NetMotion) is a standard enterprise VPN and ZTNA solution. A local privilege escalation to SYSTEM in a security client is a high-impact finding for enterprise IT environments, even if it requires an initial foothold on the machine.

Severidad

Puntaje: 7.8(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-125

EPSS

Probabilidad de explotación (próx. 30 días): 0.0001 (0.0%)
Percentil: 2.9%
EPSS: 2026-05-06

Afecta

absolute:secure_accessmicrosoft:windows

Descripción técnica

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.

Publicada: 30/4/2026, 21:16:31
Última modificación: 5/5/2026, 2:31:24

Referencias

InicioEventosBlogRecursosEquipo