Cross-Site Scripting Vulnerability in Secure Access by Absolute Software
CVE-2026-0518

4.8MEDIUM

Key Information:

Vendor: Absolute Security
Status: Secure Access
Vendor: CVE Published:; 17 January 2026

🔔 Create Absolute Security Vulnerability Alert

What is CVE-2026-0518?

A cross-site scripting vulnerability exists in versions of Secure Access prior to 14.20. An attacker with administrative privileges can exploit this flaw to interfere with another administrator's console session. This could lead to unauthorized actions or exposure of sensitive information. It is crucial for users of Secure Access to apply the necessary updates to mitigate potential security risks.

Affected Version(s)

Secure Access 0 < 14.20

References

https://www.absolute.com/platform/security-information/vu...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jan 17, 2026
Vulnerability Reserved
Dec 12, 2025

JSON