in the Secure Access installer for the Windows client and server prior to
version 14.55. Attackers with local access to the client or server can use it
to elevate privileges to Administrator when Secure Access is installed in a
non-default location.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 16 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-276 | |
| Metrics |
ssvc
|
Wed, 15 Jul 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location. | |
| Title | Privilge misconfiguration in Secure Access installers | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: Absolute
Published:
Updated: 2026-07-16T13:06:21.115Z
Reserved: 2026-04-16T00:19:03.573Z
Link: CVE-2026-40952
Updated: 2026-07-16T13:06:16.488Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T05:00:04Z