CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location.
History

Thu, 16 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-276
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 15 Jul 2026 19:45:00 +0000

Type Values Removed Values Added
Description CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location.
Title Privilge misconfiguration in Secure Access installers
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Absolute

Published:

Updated: 2026-07-16T13:06:21.115Z

Reserved: 2026-04-16T00:19:03.573Z

Link: CVE-2026-40952

cve-icon Vulnrichment

Updated: 2026-07-16T13:06:16.488Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.