CVE-2026-33451

HIGH

Absolute Secure Access Windows Client < 14.50 - Arbitrary Read/Write Privilege Escalation

Title source: manual

Description

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.

References (1)

Core 1

Core References

https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33451

Scores

CVSS v3 7.8

EPSS 0.0010

EPSS Percentile 1.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-125

Status published

Products (2)

absolute/secure_access < 14.50

Absolute Software/Secure Access < 14.50

Published Apr 30, 2026

Tracked Since May 01, 2026