Cyber Resilience

CVE-2026-33451

High

Published: 30 April 2026

Published
30 April 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0010 1.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-33451 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Absolute Secure Access. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Arbitrary read/write in local Windows client directly enables local privilege escalation to SYSTEM via API abuse (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

absolute
secure access
≤ 14.50

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References