CVE-2026-0519
BaseFortify

Publication date: 2026-01-17

Last updated on: 2026-02-02

Assigner: NetMotion Software

Description
In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system.
Meta Information
Published: 2026-01-17
Last Modified: 2026-02-02
Generated: 2026-06-16
AI Q&A: 2026-01-18
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 1 associated CPE
Vendor: absolute_software
Product: secure_access
Version / Range: to 14.20 (exc)
CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability affects Absolute Software's Secure Access versions 12.70 and earlier up to but not including 14.20. Under certain configurations, the logging subsystem may write unredacted authentication tokens to log files. Anyone with access to those logs can read the tokens and potentially reuse them to gain unauthorized access to integrated systems. [1]

Impact Analysis

If exploited, this vulnerability exposes authentication tokens in logs, which can lead to unauthorized access to integrated systems. Any party with access to these logs could read the tokens and reuse them, potentially compromising system confidentiality and integrity. However, exploitation requires local access and high privileges, and the impact on availability and authentication is minimal. [1]

Detection Guidance

To detect this vulnerability, inspect the log files of Secure Access versions 12.70 and earlier up to but not including 14.20 for unredacted authentication tokens. Because tokens are written to logs only under certain configurations, searching the log files for patterns resembling authentication tokens can help identify exposure. Specific commands depend on your system; on a Unix-like system, for example, you might use 'grep' to search logs for token patterns, e.g., 'grep -r "token" /path/to/secure_access/logs'. Reviewing configuration files for logging settings that might cause token leakage is also recommended. [1]
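The log search described above, as an added example that is not part of the original page or the vendor's tooling: it reports where token-like values appear without copying the secret into the report, using a short hash so repeated sightings of the same token can be correlated. The key names, token shapes and sample log lines are assumptions constructed for illustration; the page does not document the product's log format.

```python
import hashlib
import re

# Assumed token shapes (not taken from the product): key=value or key: value
# pairs whose key ends in token/secret/api_key, and "Bearer <value>" strings.
VALUE = r"(?P<value>[A-Za-z0-9._~+/=-]{16,})"
KEY_VALUE = re.compile(
    r"(?i)\b(?P<key>[\w-]*(?:token|secret|api[_-]?key))\b[\"']?\s*[=:]\s*[\"']?" + VALUE
)
BEARER = re.compile(r"(?i)\b(?P<key>bearer)\s+" + VALUE)

def scan_lines(lines, source="<memory>"):
    """Return one finding per token-like value, never the value itself."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for pattern in (KEY_VALUE, BEARER):
            for match in pattern.finditer(line):
                value = match.group("value")
                if len(set(value)) < 4:  # masked filler such as xxxxxxxxxxxxxxxx
                    continue
                findings.append({
                    "source": source,
                    "line": lineno,
                    "key": match.group("key").lower(),
                    # Truncated hash: enough to correlate, useless for replay.
                    "fingerprint": hashlib.sha256(value.encode()).hexdigest()[:12],
                    "length": len(value),
                })
    return findings

def tokens_to_rotate(findings):
    """Distinct exposed tokens, identified by fingerprint."""
    return {f["fingerprint"] for f in findings}

# Constructed sample lines; real Secure Access logs may look different.
SAMPLE_LOG = [
    "2026-01-10 09:12:01 INFO  integration sync started",
    "2026-01-10 09:12:02 DEBUG request auth_token=EXAMPLEtokenVALUE0123456789abcd",
    "2026-01-10 09:12:03 DEBUG header Authorization: Bearer EXAMPLEbearerVALUE0123456789",
    "2026-01-10 09:12:04 DEBUG request auth_token=********",
    "2026-01-10 09:12:05 DEBUG retry auth_token=EXAMPLEtokenVALUE0123456789abcd",
]

if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LOG, "sample.log"):
        print(finding)
```

Each distinct fingerprint corresponds to one token that should be treated as exposed and rotated in the integrated system.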

Mitigation Strategies

Immediate mitigation steps include restricting access to log files to authorized personnel only, so that unauthorized parties cannot read authentication tokens. Additionally, review and update the Secure Access software to version 14.20 or later, where this vulnerability is fixed. If updating is not immediately possible, adjust logging configurations to avoid logging sensitive authentication tokens. Monitoring and auditing access to logs can also help detect any misuse. [1]
