CVE-2026-33451
Arbitrary Read/Write in Secure Access Windows Client
Publication date: 2026-04-30
Last updated on: 2026-05-05
Assigner: NetMotion Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| absolute | secure_access | to 14.50 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33451 is an arbitrary read/write vulnerability found in the Secure Access Windows client versions prior to 14.50. This vulnerability allows attackers who have local control of the Windows client to send malformed data to an API, which can then be exploited to elevate their privileges to the system level.
How can this vulnerability impact me? :
This vulnerability can have a significant impact as it allows an attacker with local access to the Windows client to escalate their privileges to system level. This means the attacker could gain full control over the affected system, potentially leading to unauthorized access, data manipulation, or disruption of system operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-33451 vulnerability, users should update the Secure Access Windows client to version 14.50 or later.
This update addresses the arbitrary read/write vulnerability that allows local attackers to escalate privileges to SYSTEM level.