Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local low-privileged attacker (AV:L/PR:L) with full host impact; AC:H because exploitation depends on the non-default install condition, and scope stays on the same host (S:U).
Primary rating from Vendor (Absolute).
CVSS VectorVendor: Absolute
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location.
AnalysisAI
Local privilege escalation in Absolute Secure Access for Windows (client and server) before version 14.55 allows a low-privileged local user to gain Administrator rights when the software is installed to a non-default directory, due to an insecure installer permission configuration. Absolute (formerly NetMotion) assigns this a CVSS 4.0 base score of 8.5 (High), reflecting full local compromise of confidentiality, integrity, and availability. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires an authenticated low-privileged local account (CVSS PR:L) with local access to the affected Windows client or server; no user interaction and no network reachability. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) is internally consistent with the description: exploitation is local and requires an already-authenticated low-privileged foothold, but yields full high-impact compromise of the host. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who already has an ordinary user account on a Windows host where Absolute Secure Access is installed to a non-default folder identifies a writable file or service path within that directory. They replace or plant a binary that the privileged Secure Access service or an Administrator-context process executes, causing their code to run with Administrator privileges. … |
| Remediation | Vendor-released patch: version 14.55 - upgrade both the Windows client and server components of Absolute Secure Access to 14.55 or later, per the Absolute advisory at https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40952. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify and inventory all Windows systems running Absolute Secure Access versions prior to 14.55, prioritizing systems with non-default installations; implement immediate host-level access controls to restrict local user account permissions on affected systems. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Secure Access
View allPersistent denial-of-service in Absolute Secure Access servers before version 14.55 allows a remote attacker with deep,
Memory management vulnerability in Absolute Secure Access server versions 9.0 through 13.54 that allows unauthenticated,
Secure Access Server versions before 14.20 are vulnerable to a network-based denial-of-service attack where unauthentica
Buffer overflow in Absolute Secure Access server (versions before 14.50) allows authenticated remote attackers with modi
Persistent denial-of-service in Absolute Secure Access servers before version 14.55 allows an authenticated tunnel parti
Memory management flaw in Absolute Secure Access prior to version 14.55 allows a remote attacker with deep protocol know
Non-persistent denial-of-service against Absolute Secure Access servers prior to version 14.55 is achievable by an attac
Heap overflow in Absolute Security Secure Access client certificate parsing causes a local denial of service. Versions p
CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the c
Frameable content on the Absolute Secure Access server login page (versions prior to 14.55) enables clickjacking attacks
There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prio
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44779