CVE-2026-40952
Absolute Security · Secure Access
A privilege misconfiguration in the Absolute Security Secure Access installer for Windows allows a local user to escalate privileges to a higher level.
Executive summary
A high-severity privilege misconfiguration in the Absolute Security Secure Access installer for Windows enables local users to perform unauthorized privilege escalation.
Vulnerability
The vulnerability consists of a privilege misconfiguration within the software installer. It requires an attacker to have local access and low privileges to exploit the flaw, potentially resulting in full system control.
Business impact
An attacker who successfully exploits this vulnerability can gain elevated privileges on the host machine, leading to complete system compromise. Given the CVSS score of 8.5, this flaw poses a severe threat to the confidentiality, integrity, and availability of sensitive data residing on affected Windows endpoints.
Remediation
Immediate Action: Upgrade the Absolute Security Secure Access software to version 14.55 or later to resolve the installer-related privilege misconfiguration.
Proactive Monitoring: Review Windows system logs for unexpected privilege escalation events, such as unauthorized account creation or the execution of administrative tasks by standard users.
Compensating Controls: Restrict local user access to the affected workstations and limit the ability of non-administrative users to execute installers or modify system-level configurations.
Exploitation status
Public Exploit Available: No
Analyst recommendation
This is a critical security update for organizations utilizing the Secure Access platform. Security teams should ensure that all Windows clients and servers are updated to the specified version to prevent local privilege escalation. Timely patching is essential to maintain the security posture of the endpoint environment.