Which versions of Absolute Secure Access are affected by CVE-2026-40950?

Absolute Secure Access server versions prior to 14.50 contain a buffer overflow vulnerability that allows authenticated users with modified client software to cause service disruption.. A patch is available.

Absolute Secure Access CVE-2026-40950

Q: What is the CVSS score of CVE-2026-40950?

CVE-2026-40950 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-26430 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-04-30 Absolute

Buffer Overflow Stack Overflow

7.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch released

May 01, 2026 - 15:28 nvd

Patch available

Analysis Generated

Apr 30, 2026 - 23:30 vuln.today

Patch available

Apr 30, 2026 - 22:02 EUVD

CVSS changed

Apr 30, 2026 - 21:22 NVD

7.1 (HIGH)

EUVD ID Assigned

Apr 30, 2026 - 20:45 euvd

EUVD-2026-26430

Analysis Generated

Apr 30, 2026 - 20:45 vuln.today

CVE Published

Apr 30, 2026 - 20:19 nvd

HIGH 7.1

DescriptionNVD

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service

AnalysisAI

Buffer overflow in Absolute Secure Access server (versions before 14.50) allows authenticated remote attackers with modified client software to crash the server through specially crafted messages. This denial-of-service vulnerability requires low-privilege authentication and presents moderate real-world risk given the client modification prerequisite. …

RemediationAI

Within 24 hours: inventory all Absolute Secure Access deployments and identify current version numbers. Within 7 days: upgrade all instances to version 14.50 or later per vendor patch release. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-40950 vulnerability details – vuln.today

Back

Absolute Secure Access CVE-2026-40950

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Absolute Secure Access CVE-2026-40950

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code