PULSE
LIVE9signals / 24h
FEED
ransomqilin reclama a Don Tortaco Mexican Grill · US · Hospitality and Tourismransomqilin reclama a Associated Theatrical Contractors · US · Business Servicesransompayload reclama a CKR Consulting Engineers · Business Servicesransomblackout reclama a yano.tokyo · JP · Technologyransomblackout reclama a www.miatech.net · US · Technologyransomblackout reclama a bluebellgroup.com · GB · Not Foundransomthegentlemen reclama a Ecopetrol · CO · Energyransomqilin reclama a City Ambulance Service · Healthcareransomqilin reclama a Famesa · PE · Agriculture and Food Productionransomkrybit reclama a euroins.bg · BG · Financial Servicesransomnova reclama a FMZ Tecnologia em Sistemas · BR · Technologyransomqilin reclama a Heartland Catfish · US · Agriculture and Food Productionransomqilin reclama a Salina Supply · US · Business Servicesransomqilin reclama a St Martha Catholic Church · US · Consumer Servicesransomqilin reclama a Don Tortaco Mexican Grill · US · Hospitality and Tourismransomqilin reclama a Associated Theatrical Contractors · US · Business Servicesransompayload reclama a CKR Consulting Engineers · Business Servicesransomblackout reclama a yano.tokyo · JP · Technologyransomblackout reclama a www.miatech.net · US · Technologyransomblackout reclama a bluebellgroup.com · GB · Not Foundransomthegentlemen reclama a Ecopetrol · CO · Energyransomqilin reclama a City Ambulance Service · Healthcareransomqilin reclama a Famesa · PE · Agriculture and Food Productionransomkrybit reclama a euroins.bg · BG · Financial Servicesransomnova reclama a FMZ Tecnologia em Sistemas · BR · Technologyransomqilin reclama a Heartland Catfish · US · Agriculture and Food Productionransomqilin reclama a Salina Supply · US · Business Servicesransomqilin reclama a St Martha Catholic Church · US · Consumer Services
← All CVEs
CVE WatchJul 16, 2026

CVE-2026-40958

CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control o

CVSS

3.7

Low

EPSS

0.2%

p13

KEV

Exploit Today

4

0-100

Published: Jul 15, 2026 · Last modified: Jul 16, 2026 · CWE-20

EPSS · 30d
0.2%EPSS · 30 days0.2%
2026-07-162026-07-19
Technical description

CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client.

Official references
Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-341978.8 HIG
99.9%
KEV80Apache ActiveMQ Improper Input Validation Vulnerability5d
CVE-2026-125699.8 CRI
66.0%
KEV70PTC Windchill and FlexPLM Improper Input Validation Vulnerability19d
CVE-2025-607877.2 HIG
97.0%
29MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.15d
CVE-2017-149197.5 HIG
94.3%
28Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.5d
CVE-2026-482849.6 CRI
94.1%
28ColdFusion is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.4d
CVE-2022-457258.8 HIG
93.4%
28Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request11d