Threat Entry Updated 2026-02-02

CVE-2026-0518 - Secure Access Plugin

CVE-2026-0518 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.20. An attacker with administrative privileges can interfere with another administrator’s use of the console.

PLUGIN Secure Access

CVE-2026-0518

MEDIUM CVSS 4.8 2026-01-17

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-02

CVE-2026-0519 - Secure Access Plugin

In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system.

PLUGIN Secure Access

CVE-2026-0519

MEDIUM CVSS 4.6 2026-01-17

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-02

CVE-2026-0517 - Secure Access Plugin

CVE-2026-0517 is a denial-of-service vulnerability in versions of Secure Access Server prior to 14.20. An attacker can send a specially crafted packet to a server and cause the server to crash

PLUGIN Secure Access

CVE-2026-0517

MEDIUM CVSS 6.0 2026-01-17

Risk Score

Open Full Technical Breakdown