Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service.
AnalysisAI
Out-of-bounds read in Absolute Secure Access macOS client prior to version 14.50 allows remote attackers with control of a modified server to send malformed packets triggering denial of service. The vulnerability requires high attack complexity (modified server infrastructure and user interaction) and results in availability impact only, with a low CVSS score of 2.3 reflecting limited real-world severity despite network accessibility.
Technical ContextAI
The vulnerability is an out-of-bounds read condition in the Secure Access macOS client, a network security and device management solution by Absolute Software. Out-of-bounds reads occur when software attempts to access memory locations outside the bounds of allocated buffers, typically during packet parsing or protocol handling. The CVSS vector indicates network attack vector with high complexity (AC:H) and user interaction required (UI:P), suggesting the vulnerability resides in client-side packet parsing logic triggered by a specially crafted network packet. The condition is limited to macOS platforms and does not affect confidentiality or integrity-only availability (VA:L) is impacted, consistent with denial-of-service outcomes from memory read errors.
RemediationAI
Upgrade Secure Access macOS client to version 14.50 or later to resolve the out-of-bounds read vulnerability. The vendor has released a patch; administrators should deploy this update across all macOS endpoints running Secure Access. For environments unable to patch immediately, restrict network access to trusted servers only and educate users not to interact with unknown or suspicious network sources. Implement network segmentation to limit potential attack surface from compromised or rogue servers. Monitor for any denial-of-service incidents on patched and unpatched clients. Refer to https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33450 for patch availability and deployment guidance.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26422