Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-33445

CVE-2026-33445: Secure Access Servers DoS Vulnerability

CVE-2026-33445 is a memory management DoS flaw in Secure Access servers prior to 14.55 that enables persistent denial of service attacks. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-33445 Overview

CVE-2026-33445 is a memory management vulnerability in Absolute Secure Access servers running versions prior to 14.55. The flaw resides in the tunnel protocol handling path and enables an unauthenticated network attacker to trigger a persistent denial of service against the server. Exploitation requires deep, precise knowledge of the proprietary tunnel protocol and the ability to fully control protocol messages. The weakness is categorized as uncontrolled resource consumption [CWE-400]. Successful exploitation halts remote access services for all connected users until the server is manually recovered.

Critical Impact

A remote, unauthenticated attacker with full control over the tunnel protocol can create a persistent denial of service against Secure Access servers, disrupting VPN and remote access availability.

Affected Products

  • Absolute Secure Access server versions prior to 14.55
  • Tunnel protocol handling component of Secure Access
  • Remote access deployments relying on affected Secure Access server builds

Discovery Timeline

  • 2026-07-15 - CVE-2026-33445 published to the National Vulnerability Database
  • 2026-07-16 - Last updated in NVD database

Technical Details for CVE-2026-33445

Vulnerability Analysis

The vulnerability is a memory management defect in the Secure Access server's tunnel protocol implementation. An attacker who understands the tunnel protocol at the byte level can craft messages that cause the server to mishandle memory during protocol parsing or session state tracking. The resulting condition is persistent, meaning the impact does not clear when the attacker disconnects. Availability of the remote access service is lost until an operator intervenes. Confidentiality and integrity are not affected, only availability of the Secure Access server. The weakness maps to [CWE-400] uncontrolled resource consumption. Public EPSS data reports a low near-term exploitation probability, but the network-reachable attack surface elevates operational risk for internet-facing deployments.

Root Cause

The root cause is improper management of memory resources during processing of attacker-controlled tunnel protocol messages. The server does not adequately bound, release, or validate memory associated with protocol state, allowing crafted traffic to drive the process into an unrecoverable resource state.

Attack Vector

The attack vector is network-based and requires no authentication or user interaction. The attacker must have intimate knowledge of the proprietary tunnel protocol and total control over the message stream sent to the server. By sending a specific sequence of malformed or abusive protocol messages, the attacker exhausts or corrupts server-side memory structures, producing a persistent denial of service.

No verified public exploit code or proof-of-concept is available. Technical specifics are described in the Absolute Vulnerability Advisory.

Detection Methods for CVE-2026-33445

Indicators of Compromise

  • Unexpected termination, hang, or repeated restart of the Secure Access server process without a corresponding administrative action
  • Sustained growth of memory usage on the Secure Access server correlated with inbound tunnel protocol traffic
  • Loss of tunnel connectivity for all users concurrent with anomalous inbound sessions from a small set of source addresses

Detection Strategies

  • Monitor Secure Access server logs for parser errors, malformed tunnel protocol messages, and abnormal session teardown events
  • Alert on process availability changes for the Secure Access service and correlate against inbound connection telemetry
  • Inspect network flow records for repeated short-lived tunnel connections from the same source preceding a service outage

Monitoring Recommendations

  • Track server memory, handle counts, and thread counts on Secure Access hosts with thresholds tuned to baseline operating levels
  • Forward Secure Access server and operating system logs to a centralized platform for correlation with network telemetry
  • Establish availability probes against the tunnel service and page on sustained failures to accelerate response

How to Mitigate CVE-2026-33445

Immediate Actions Required

  • Upgrade Absolute Secure Access server to version 14.55 or later on all affected hosts
  • Inventory internet-exposed Secure Access instances and prioritize patching those reachable from untrusted networks
  • Enable alerting on Secure Access service restarts and memory anomalies until patching is complete

Patch Information

Absolute has addressed the vulnerability in Secure Access server version 14.55. Administrators should review the Absolute Vulnerability Advisory for upgrade guidance and verify server build numbers after deployment.

Workarounds

  • Restrict network reachability to the Secure Access server tunnel port using firewall access control lists where operationally feasible
  • Rate-limit or geofence inbound tunnel connections at upstream network devices to reduce exposure to anonymous attackers
  • Configure automated service recovery so the Secure Access process restarts promptly if a denial of service condition is observed, pending patch deployment

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.