Vulnerability Details CVE-2026-40954
CVE-2026-40954
is an integer underflow vulnerability in the traffic parsing function of Secure
Access clients prior to 14.55. Attackers with intimate knowledge of and total
control over the tunnel protocol can create a non-persistent DoS against their
client
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 10.1%
CVSS Severity
CVSS v3 Score 3.7
Products affected by CVE-2026-40954
-
cpe:2.3:a:absolute:secure_access:-
-
cpe:2.3:a:absolute:secure_access:12.00
-
cpe:2.3:a:absolute:secure_access:12.50
-
cpe:2.3:a:absolute:secure_access:12.70
-
cpe:2.3:a:absolute:secure_access:13.04
-
cpe:2.3:a:absolute:secure_access:13.05
-
cpe:2.3:a:absolute:secure_access:13.06
-
cpe:2.3:a:absolute:secure_access:13.07
-
cpe:2.3:a:absolute:secure_access:13.08
-
cpe:2.3:a:absolute:secure_access:13.54
-
cpe:2.3:a:absolute:secure_access:13.55
-
cpe:2.3:a:absolute:secure_access:13.56
-
cpe:2.3:a:absolute:secure_access:14.02
-
cpe:2.3:a:absolute:secure_access:14.10
-
cpe:2.3:a:absolute:secure_access:14.12
-
cpe:2.3:a:absolute:secure_access:14.20
-
cpe:2.3:a:absolute:secure_access:9.0