3.7 CVE-2026-40954

Enriched by CISA
 

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client
https://nvd.nist.gov/vuln/detail/CVE-2026-40954

Categories

CWE-191 : Integer Underflow (Wrap or Wraparound)
This can happen in signed and unsigned cases.

References

SecurityResponse@netmotionsoftware.com


 

AFFECTED (from MITRE)


Vendor Product Versions
Absolute Security Secure Access
  • < 14.55 [affected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:* < 14.55


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry