{"cve":{"cve_id":"CVE-2026-33451","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00104,"epss_percentile":0.01257,"epss_as_of":"2026-06-23","description":"CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure \nAccess Windows client prior to 14.50. Attackers with local control of \nthe Windows client can send malformed data to an API and elevate their \nlevel of privilege to system.","published_at":"2026-04-30T20:08:03.213000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":8.5,"cvss_v4_vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","cvss_v4_severity":"HIGH","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-125"],"nvd_references":["https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33451"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:29:53.836916Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"absolute-software","vendor_name":"Absolute Software","product_slug":"secure-access","product_name":"Secure Access","version_start":"0","version_start_inclusive":true,"version_end":"14.50","version_end_inclusive":false,"cpe23_uri":"cve5:absolute-software:secure-access:0:14.50"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33451","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-04-30T20:08:03.213000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:53:15.351162Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:53:15.351162Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:53:15.351162Z","label":"CVSS score revised","source":"cvelistv5"}]}