CVE-2026-40954
LOW
2.1
CVSS 4.0
Description
CVE-2026-40954
is an integer underflow vulnerability in the traffic parsing function of Secure
Access clients prior to 14.55. Attackers with intimate knowledge of and total
control over the tunnel protocol can create a non-persistent DoS against their
client
Metadata
Severity & Metrics
2.1
LOW CVSS 4.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Absolute Security | Secure Access | — | 0 < 14.55 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-191 | adp | CWE-191 Integer Underflow (Wrap or Wraparound) |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 2.1 | LOW | 4.0 | cna | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
References (1)