CVE-2026-11459
Information Disclosure in SecureAge CatchPulse via saappctl.sys
Publication date: 2026-06-07
Last updated on: 2026-06-07
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| secureage | catchpulse | to 10.9.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The main impact of this vulnerability is information disclosure, meaning that sensitive or confidential information could be exposed to unauthorized users.
Since local access is required, an attacker would need to have some level of access to the affected system to exploit this vulnerability.
The CVSS v3.1 base score of 3.3 indicates a low severity impact, primarily affecting confidentiality without impacting integrity or availability.
Can you explain this vulnerability to me?
This vulnerability exists in SecureAge CatchPulse up to version 10.9.1, specifically in an unknown function within the saappctl.sys library component called the IOCTL Handler. The vulnerability allows an attacker with local access to manipulate the system in a way that leads to information disclosure.
The exploit for this vulnerability has been publicly disclosed and may be used by attackers. The vendor was informed early but did not respond.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability leads to information disclosure through manipulation of an unknown function in the saappctl.sys library component. Since it involves local access and results in information disclosure, it could potentially impact compliance with standards and regulations that require protection of sensitive data, such as GDPR and HIPAA.
However, the provided context does not specify any direct effects or assessments related to compliance with these standards or regulations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the SecureAge CatchPulse software up to version 10.9.1, specifically an unknown function in the saappctl.sys library related to the IOCTL Handler. Detection requires local access to the system.
Since the vulnerability involves a local driver component (saappctl.sys), detection would typically involve checking for the presence and version of this driver on the system.
- On Windows systems, you can use the command: "sc query saappctl" to check if the driver service is installed and running.
- Use "driverquery /v | findstr saappctl.sys" to verify the driver version and presence.
- Check the installed version of SecureAge CatchPulse software to see if it is up to 10.9.1, which is vulnerable.
No specific detection commands or signatures are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability requires local access and leads to information disclosure via the saappctl.sys driver in SecureAge CatchPulse up to version 10.9.1.
Immediate mitigation steps include:
- Restrict local access to trusted users only to reduce the risk of exploitation.
- Monitor and audit local user activities to detect any suspicious behavior.
- If possible, uninstall or disable the SecureAge CatchPulse software until a patch or update is available.
- Contact SecureAge for updates or patches, although the vendor has not responded to this disclosure yet.
No official patches or vendor guidance are currently available according to the provided information.