Back to overview

CVE-2026-15506

HIGH
7.8
CVSS 3.1
Description
A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.

Metadata

CVE ID
CVE-2026-15506
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-12 05:44 UTC
Published
2026-07-12 21:30 UTC
Last updated
2026-07-12 21:30 UTC
Primary CWE
CWE-122
Heap-based Buffer Overflow
Vendor / Product
SecureAge / CatchPulse
Sources
cve.org  ·  NVD

Severity & Metrics

7.8 HIGH CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
SecureAge CatchPulse 10.9.0, 10.9.1, 10.9.2, 10.9.3
Weakness (CWE)
CWESourceDescription
CWE-119 cna Memory Corruption
CWE-122 cna Heap-based Buffer Overflow
CVSS scores (4)
ScoreSeverityVersionSourceVector
8.5 HIGH 4.0 cna CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
7.8 HIGH 3.1 cna CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
7.8 HIGH 3.0 cna CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
6.8 N/D 2.0 cna AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
References (6)
Back to overview