Skip to main content

Secure Access macOS CVE-2026-33450

| EUVDEUVD-2026-26422 LOW
Out-of-bounds Read (CWE-125)
2026-04-30 Absolute
2.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.3 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

7
Patch released
May 01, 2026 - 15:28 nvd
Patch available
Analysis Generated
Apr 30, 2026 - 22:45 vuln.today
Patch available
Apr 30, 2026 - 22:02 EUVD
CVSS changed
Apr 30, 2026 - 21:22 NVD
2.3 (LOW)
EUVD ID Assigned
Apr 30, 2026 - 20:30 euvd
EUVD-2026-26422
Analysis Generated
Apr 30, 2026 - 20:30 vuln.today
CVE Published
Apr 30, 2026 - 20:04 nvd
LOW 2.3

DescriptionCVE.org

CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service.

AnalysisAI

Out-of-bounds read in Absolute Secure Access macOS client prior to version 14.50 allows remote attackers with control of a modified server to send malformed packets triggering denial of service. The vulnerability requires high attack complexity (modified server infrastructure and user interaction) and results in availability impact only, with a low CVSS score of 2.3 reflecting limited real-world severity despite network accessibility.

Technical ContextAI

The vulnerability is an out-of-bounds read condition in the Secure Access macOS client, a network security and device management solution by Absolute Software. Out-of-bounds reads occur when software attempts to access memory locations outside the bounds of allocated buffers, typically during packet parsing or protocol handling. The CVSS vector indicates network attack vector with high complexity (AC:H) and user interaction required (UI:P), suggesting the vulnerability resides in client-side packet parsing logic triggered by a specially crafted network packet. The condition is limited to macOS platforms and does not affect confidentiality or integrity-only availability (VA:L) is impacted, consistent with denial-of-service outcomes from memory read errors.

RemediationAI

Upgrade Secure Access macOS client to version 14.50 or later to resolve the out-of-bounds read vulnerability. The vendor has released a patch; administrators should deploy this update across all macOS endpoints running Secure Access. For environments unable to patch immediately, restrict network access to trusted servers only and educate users not to interact with unknown or suspicious network sources. Implement network segmentation to limit potential attack surface from compromised or rogue servers. Monitor for any denial-of-service incidents on patched and unpatched clients. Refer to https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33450 for patch availability and deployment guidance.

Share

CVE-2026-33450 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy