{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-33451","assignerOrgId":"b6533044-ea05-4482-8458-7bddeca0d079","state":"PUBLISHED","assignerShortName":"Absolute","dateReserved":"2026-03-19T23:04:05.696Z","datePublished":"2026-04-30T20:08:03.213Z","dateUpdated":"2026-05-01T14:36:19.832Z"},"containers":{"cna":{"providerMetadata":{"orgId":"b6533044-ea05-4482-8458-7bddeca0d079","shortName":"Absolute","dateUpdated":"2026-04-30T20:08:03.213Z"},"title":"Arbitrary read/write vulnerability in Windows clients prior to 14.50","affected":[{"vendor":"Absolute Software","product":"Secure Access","platforms":["Windows"],"modules":["Windows client"],"versions":[{"status":"affected","version":"0","lessThan":"14.50","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure \nAccess Windows client prior to 14.50. Attackers with local control of \nthe Windows client can send malformed data to an API and elevate their \nlevel of privilege to system.","supportingMedia":[{"type":"text/html","base64":false,"value":"CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure \nAccess Windows client prior to 14.50. Attackers with local control of \nthe Windows client can send malformed data to an API and elevate their \nlevel of privilege to system."}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33451"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"HIGH","baseScore":8.5,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-125","lang":"en","description":"CWE-125 Out-of-bounds Read"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-01T14:36:03.654479Z","id":"CVE-2026-33451","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-01T14:36:19.832Z"}}]}}