PT-2026-36170 · Unknown · Secure Access
Published
2026-04-30
·
Updated
2026-05-05
·
CVE-2026-33448
CVSS v4.0
4.8
Medium
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Secure Access client for MacOS versions prior to 14.50
Description
A format string issue exists in the logging subsystem. Attackers controlling a modified server can force the client to dump small portions of memory into log files, which may reveal sensitive secrets. A format string vulnerability occurs when an application improperly uses user-supplied input as a format string in functions that perform formatted output, allowing an attacker to read or write to memory.
Recommendations
Update to version 14.50 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Secure Access