Heap-Based Buffer Overflow in SecureAge Technology's CatchPulse Driver
CVE-2026-15506

8.5HIGH

Key Information:

Vendor

Secureage

Vendor
CVE Published:
12 July 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-15506?

A security vulnerability has been identified in the SecureAge CatchPulse product, affecting versions up to 10.9.3. The vulnerability resides in an unknown function within the saappctl.sys driver component, which may allow a locally executed attack to manipulate memory, resulting in a heap-based buffer overflow. This flaw has been disclosed publicly, raising concerns about potential exploitation. SecureAge Technology was notified about this issue prior to public disclosure, emphasizing the need for users to implement appropriate security measures and apply updates promptly.

Affected Version(s)

CatchPulse 10.9.0

CatchPulse 10.9.1

CatchPulse 10.9.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jordanhiggins (VulDB User)
VulDB CNA Team
.