Back to overview

CVE-2026-40952

HIGH
8.5
CVSS 4.0
Description
CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location.

Metadata

CVE ID
CVE-2026-40952
State
PUBLISHED
Assigner
Absolute
Reserved
2026-04-16 00:19 UTC
Published
2026-07-15 19:32 UTC
Last updated
2026-07-16 13:06 UTC
Primary CWE
CWE-276
CWE-276 Incorrect Default Permissions
Vendor / Product
Absolute Security / Secure Access
Sources
cve.org  ·  NVD

Severity & Metrics

8.5 HIGH CVSS 4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
Absolute Security Secure Access 0 < 14.55
Weakness (CWE)
CWESourceDescription
CWE-276 adp CWE-276 Incorrect Default Permissions
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.5 HIGH 4.0 cna CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N
Back to overview