CVE-2026-40954 PUBLISHED

Integer underflow in Secure Access clients prior to 14.55

Assigner: Absolute
Reserved: 16.04.2026 Published: 15.07.2026 Updated: 16.07.2026

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVSS Score: 2.1

Product Status

Vendor Absolute Security
Product Secure Access
Versions Default: unaffected
  • affected from 0 to 14.55 (excl.)

References