Format String Vulnerability in Secure Access Client for MacOS
CVE-2026-33448

4.8MEDIUM

Key Information:

Vendor: Absolute Software
Status: Secure Access
Vendor: CVE Published:; 30 April 2026

🔔 Create Absolute Software Vulnerability Alert

What is CVE-2026-33448?

A format string vulnerability exists in the logging subsystem of the Secure Access client for MacOS prior to version 14.50. Attackers who control a modified server can exploit this vulnerability to cause the client to reveal the contents of a small portion of memory in the log files, potentially exposing sensitive information.

Affected Version(s)

Secure Access MacOS 0 < 14.50

References

https://www.absolute.com/platform/security-information/vu...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Mar 19, 2026

CVE-2026-33448 Data

JSON