Skip to main content

SecureAge CatchPulse CVE-2026-11459

| EUVD-2026-34989 LOW
Information Exposure (CWE-200)
2026-06-07 VulDB GHSA-pw43-h2x7-pm54
Information Disclosure Catchpulse
1.9
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulDB) · only source for this CVE.

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVSS changed
Jun 07, 2026 - 10:22 NVD
3.3 (LOW) 1.9 (LOW)
CVSS changed
Jun 07, 2026 - 10:22 NVD
3.3 (LOW) 1.9 (LOW)
Analysis Generated
Jun 07, 2026 - 09:43 vuln.today

DescriptionCVE.org

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Information disclosure in SecureAge CatchPulse (versions up to 10.9.1) is triggered through an improperly secured IOCTL handler within the saappctl.sys kernel-mode driver, allowing a low-privileged local user to extract sensitive data from the driver's memory space. A public proof-of-concept exploit exists per VulDB reporting, increasing the likelihood of opportunistic local use - particularly as a reconnaissance step within a broader privilege escalation chain. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privilege shell on CatchPulse host
Delivery
Enumerate loaded kernel drivers to confirm saappctl.sys is active
Exploit
Open device handle to saappctl.sys
Execution
Send crafted IOCTL control code to vulnerable handler
Persist
Receive improperly disclosed kernel or driver memory data
Impact
Use leaked data (e.g., kernel pointers) to support follow-on local privilege escalation
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Local authenticated access is required - CVSS PR:L confirms a low-privileged OS account (standard user) is sufficient; no administrative rights are needed to trigger the vulnerability. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.3 base score (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) reflects a low-severity, locally exploitable information disclosure with no integrity or availability impact and a constrained confidentiality loss. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged attacker with a local user account on a Windows endpoint running SecureAge CatchPulse up to version 10.9.1 opens a handle to the saappctl.sys driver device and sends a crafted IOCTL code targeting the vulnerable handler, causing the driver to return sensitive memory contents or internal state data. A public proof-of-concept document is available from a University of Idaho SharePoint resource (linked in VulDB), providing a ready reference for replicating the technique. …
Remediation No vendor-released patch has been identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-11459 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy