Heap-Based Buffer Overflow in SecureAge Technology's CatchPulse Driver
CVE-2026-15506
Key Information:
- Vendor
Secureage
- Status
- Vendor
- CVE Published:
- 12 July 2026
Badges
What is CVE-2026-15506?
A security vulnerability has been identified in the SecureAge CatchPulse product, affecting versions up to 10.9.3. The vulnerability resides in an unknown function within the saappctl.sys driver component, which may allow a locally executed attack to manipulate memory, resulting in a heap-based buffer overflow. This flaw has been disclosed publicly, raising concerns about potential exploitation. SecureAge Technology was notified about this issue prior to public disclosure, emphasizing the need for users to implement appropriate security measures and apply updates promptly.
Affected Version(s)
CatchPulse 10.9.0
CatchPulse 10.9.1
CatchPulse 10.9.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
