CVE-2026-33451
Arbitrary read/write vulnerability in Windows clients prior to 14.50
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
30 Apr 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure
Access Windows client prior to 14.50. Attackers with local control of
the Windows client can send malformed data to an API and elevate their
level of privilege to system.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Absolute Software · Secure Access