May 2026 Security Advisory Ivanti Secure Access Client (CVE-2026-7431, CVE-2026-7432)

Update 22 May: CVE-2026-8992 has been added to Vulnerability Details Summary Ivanti has released updates for the Ivanti Secure Access Client which addresses one medium severity vulnerability and two High severity vulnerabilities. We are not aware of any customers being exploited by these...

CVE-2026-40949

CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service...

CVE-2026-33451

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

CVE-2026-33452

CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system...

CVE-2026-40951 Memory corruption in Secure Access Windows clients prior to 14.50

CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service...

EUVD-2026-26431

CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service...

CVE-2026-40949 Buffer overflow in Windows clients prior to 14.50

CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service...

CVE-2026-40949 Buffer overflow in Windows clients prior to 14.50

CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service...

EUVD-2026-26429

CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service...

CVE-2026-40949

CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service...

CVE-2026-40949

CVE-2026-40949 affects the Secure Access Windows client (prior to version 14.50). The vulnerability is a buffer overflow in the Windows client component that attackers could exploit when they have local control of the host. The documented impact is a denial of service, with the CVSS 4.0 base scor...

EUVD-2026-26424

CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system...

CVE-2026-33452 Buffer overflow in Windows clients prior to 14.50

CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system...

CVE-2026-33452

CVE-2026-33452 describes a buffer overflow in the Secure Access Windows client prior to version 14.50. The vulnerability allows an attacker with local control of the Windows client to trigger a blue screen, with potential impact to availability (per CVSS: LOCAL, low attack complexity, no privileg...

CVE-2026-33452 Buffer overflow in Windows clients prior to 14.50

CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system...

CVE-2026-33451

CVE-2026-33451 : An arbitrary read/write vulnerability exists in the Secure Access Windows client prior to version 14.50. With local control of the Windows client, an attacker can send malformed data to a documented API and elevate privileges to SYSTEM. The connected documents confirm the affecte...

CVE-2026-33451 Arbitrary read/write vulnerability in Windows clients prior to 14.50

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

CVE-2026-33451 Arbitrary read/write vulnerability in Windows clients prior to 14.50

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

CVE-2026-33451

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

PT-2026-36180

Name of the Vulnerable Software and Affected Versions Secure Access Windows client versions prior to 14.50 Description A buffer overflow occurs in the Secure Access Windows client. Attackers with local control of the client can exploit this to trigger a denial of service DoS, which is a condition...