Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (Absolute) · only source for this CVE.
CVSS VectorVendor: Absolute
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server.
AnalysisAI
Persistent denial-of-service in Absolute Secure Access servers before version 14.55 allows an authenticated tunnel participant to permanently crash or wedge the server by abusing the tunnel protocol. The CVSS 4.0 vector (7.1, PR:L, VA:H) confirms an availability-only impact requiring some level of tunnel authentication, with no confidentiality or integrity effect despite a mislabeled 'Information Disclosure' tag. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours, complete an inventory of all Absolute Secure Access deployments and their versions, then enable audit logging for tunnel protocol activity and review access controls limiting who can participate in tunnels. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Secure Access
View allPersistent denial-of-service in Absolute Secure Access servers before version 14.55 allows a remote attacker with deep,
Local privilege escalation in Absolute Secure Access for Windows (client and server) before version 14.55 allows a low-p
Memory management vulnerability in Absolute Secure Access server versions 9.0 through 13.54 that allows unauthenticated,
Secure Access Server versions before 14.20 are vulnerable to a network-based denial-of-service attack where unauthentica
Buffer overflow in Absolute Secure Access server (versions before 14.50) allows authenticated remote attackers with modi
Memory management flaw in Absolute Secure Access prior to version 14.55 allows a remote attacker with deep protocol know
Non-persistent denial-of-service against Absolute Secure Access servers prior to version 14.55 is achievable by an attac
Heap overflow in Absolute Security Secure Access client certificate parsing causes a local denial of service. Versions p
CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the c
Frameable content on the Absolute Secure Access server login page (versions prior to 14.55) enables clickjacking attacks
There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prio
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44796