Vulnerabilities ›

CVE-2026-33451

High

CWE-125 — Weakness Type

                    Published: Apr 30, 2026                      ·  Modified: May 7, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure
Access Windows client prior to 14.50. Attackers with local control of
the Windows client can send malformed data to an API and elevate their
level of privilege to system.

🤖 AI Executive Summary

CVE-2026-33451 is an arbitrary read/write vulnerability in Secure Access Windows client versions before 14.50 that allows local attackers to escalate privileges to system level through malformed API requests. Organizations must immediately update to version 14.50 or later to mitigate this critical privilege escalation risk.

📄 Description (Arabic)

تتعلق هذه الثغرة بقابلية القراءة والكتابة التعسفية في عميل Secure Access Windows قبل الإصدار 14.50. يمكن للمهاجمين الذين لديهم تحكم محلي على نظام Windows استخدام بيانات مشوهة لإرسالها إلى واجهة برمجية (API) وتصعيد امتيازاتهم إلى مستوى النظام.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 5, 2026 06:50

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1548.004 T1547.001 T1566.002

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Update Secure Access Windows client to version 14.50 or later immediately. Restrict local administrative access to affected systems. Monitor for suspicious API calls and privilege escalation attempts. Implement application whitelisting to prevent unauthorized code execution.

🔧 خطوات المعالجة (العربية)

قم بتحديث عميل Secure Access Windows إلى الإصدار 14.50 أو أحدث فوراً. قيّد الوصول الإداري المحلي للأنظمة المتأثرة. راقب محاولات استدعاءات API المريبة وتصعيد الامتيازات. طبّق قائمة التطبيقات المسموحة لمنع تنفيذ الأكواد غير المصرح بها.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC-1.1 ECC-2.2 ECC-3.1

🔵 SAMA CSF

ID.AM-2 PR.PT-3 DE.CM-1

🟡 ISO 27001:2022

A.12.2.1 A.12.6.1 A.14.2.1

🔗 References & Sources 1

🔗

https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-3...

SecurityResponse@netmotionsoftware.com

Vendor Advisory

📦 Affected Products / CPE 1 entries

absolute:secure_access

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-125

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-04-30

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-125

🏢 Vendor Advisories

🔗 https://www.absolute.com/platform/security-informati...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-33451

💬 Comments

Introduce Yourself

Sign In Required