Privilege Misconfiguration in Secure Access Installer for Windows Client and Server
CVE-2026-40952

8.5HIGH

Key Information:

Vendor
CVE Published:
15 July 2026

What is CVE-2026-40952?

A privilege misconfiguration exists in the Secure Access installer for Windows clients and servers prior to version 14.55. This vulnerability enables attackers with local access to elevate their privileges to Administrator status when Secure Access is improperly installed in a non-default location, potentially leading to unauthorized access and control over the affected systems.

Affected Version(s)

Secure Access 0 < 14.55

References

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.