Memory Management Vulnerability in Secure Access Clients and Servers by Absolute
CVE-2026-55398

6.9MEDIUM

Key Information:

Vendor
CVE Published:
15 July 2026

What is CVE-2026-55398?

A memory management vulnerability has been identified in Absolute's Secure Access clients and servers, specifically affecting versions before 14.55. This flaw can be exploited by attackers who possess detailed knowledge of the tunnel protocol, allowing them to initiate a non-persistent denial of service (DoS) against the server. Consequently, the affected systems can become unresponsive, impacting availability and service continuity. Organizations using these vulnerable products should take immediate measures to update to the latest version to mitigate potential risks.

Affected Version(s)

Secure Access 0 < 14.55

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.