Information Disclosure Vulnerability in SecureAge CatchPulse Software
CVE-2026-11459
Key Information:
- Vendor
Secureage
- Status
- Vendor
- CVE Published:
- 7 June 2026
Badges
What is CVE-2026-11459?
A security vulnerability found in SecureAge CatchPulse, specifically in the IOCTL Handler's saappctl.sys component, enables information disclosure. This vulnerability requires local access for exploitation, making it a significant risk if unauthorized users acquire access to the system. Publicly disclosed exploits demonstrate the potential for misuse, underscoring the importance of immediate action for users of affected versions.
Affected Version(s)
CatchPulse 10.9.0
CatchPulse 10.9.1
CatchPulse 10.9.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
