CVE-2026-0519

LOW

Absolute Secure Access < 14.20 - Log Information Exposure

Title source: rule

Description

In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system.

References (1)

[Vendor Advisory] https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-0519

Scores

CVSS v3 3.4

EPSS 0.0002

EPSS Percentile 5.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (1)

absolute/secure_access 12.70 - 14.20

Published Jan 17, 2026

Tracked Since Feb 18, 2026