CVE-2026-33445 Overview
CVE-2026-33445 is a memory management vulnerability in Absolute Secure Access servers running versions prior to 14.55. The flaw resides in the tunnel protocol handling path and enables an unauthenticated network attacker to trigger a persistent denial of service against the server. Exploitation requires deep, precise knowledge of the proprietary tunnel protocol and the ability to fully control protocol messages. The weakness is categorized as uncontrolled resource consumption [CWE-400]. Successful exploitation halts remote access services for all connected users until the server is manually recovered.
Critical Impact
A remote, unauthenticated attacker with full control over the tunnel protocol can create a persistent denial of service against Secure Access servers, disrupting VPN and remote access availability.
Affected Products
- Absolute Secure Access server versions prior to 14.55
- Tunnel protocol handling component of Secure Access
- Remote access deployments relying on affected Secure Access server builds
Discovery Timeline
- 2026-07-15 - CVE-2026-33445 published to the National Vulnerability Database
- 2026-07-16 - Last updated in NVD database
Technical Details for CVE-2026-33445
Vulnerability Analysis
The vulnerability is a memory management defect in the Secure Access server's tunnel protocol implementation. An attacker who understands the tunnel protocol at the byte level can craft messages that cause the server to mishandle memory during protocol parsing or session state tracking. The resulting condition is persistent, meaning the impact does not clear when the attacker disconnects. Availability of the remote access service is lost until an operator intervenes. Confidentiality and integrity are not affected, only availability of the Secure Access server. The weakness maps to [CWE-400] uncontrolled resource consumption. Public EPSS data reports a low near-term exploitation probability, but the network-reachable attack surface elevates operational risk for internet-facing deployments.
Root Cause
The root cause is improper management of memory resources during processing of attacker-controlled tunnel protocol messages. The server does not adequately bound, release, or validate memory associated with protocol state, allowing crafted traffic to drive the process into an unrecoverable resource state.
Attack Vector
The attack vector is network-based and requires no authentication or user interaction. The attacker must have intimate knowledge of the proprietary tunnel protocol and total control over the message stream sent to the server. By sending a specific sequence of malformed or abusive protocol messages, the attacker exhausts or corrupts server-side memory structures, producing a persistent denial of service.
No verified public exploit code or proof-of-concept is available. Technical specifics are described in the Absolute Vulnerability Advisory.
Detection Methods for CVE-2026-33445
Indicators of Compromise
- Unexpected termination, hang, or repeated restart of the Secure Access server process without a corresponding administrative action
- Sustained growth of memory usage on the Secure Access server correlated with inbound tunnel protocol traffic
- Loss of tunnel connectivity for all users concurrent with anomalous inbound sessions from a small set of source addresses
Detection Strategies
- Monitor Secure Access server logs for parser errors, malformed tunnel protocol messages, and abnormal session teardown events
- Alert on process availability changes for the Secure Access service and correlate against inbound connection telemetry
- Inspect network flow records for repeated short-lived tunnel connections from the same source preceding a service outage
Monitoring Recommendations
- Track server memory, handle counts, and thread counts on Secure Access hosts with thresholds tuned to baseline operating levels
- Forward Secure Access server and operating system logs to a centralized platform for correlation with network telemetry
- Establish availability probes against the tunnel service and page on sustained failures to accelerate response
How to Mitigate CVE-2026-33445
Immediate Actions Required
- Upgrade Absolute Secure Access server to version 14.55 or later on all affected hosts
- Inventory internet-exposed Secure Access instances and prioritize patching those reachable from untrusted networks
- Enable alerting on Secure Access service restarts and memory anomalies until patching is complete
Patch Information
Absolute has addressed the vulnerability in Secure Access server version 14.55. Administrators should review the Absolute Vulnerability Advisory for upgrade guidance and verify server build numbers after deployment.
Workarounds
- Restrict network reachability to the Secure Access server tunnel port using firewall access control lists where operationally feasible
- Rate-limit or geofence inbound tunnel connections at upstream network devices to reduce exposure to anonymous attackers
- Configure automated service recovery so the Secure Access process restarts promptly if a denial of service condition is observed, pending patch deployment
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

