{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0519", "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079", "state": "PUBLISHED", "assignerShortName": "Absolute", "dateReserved": "2025-12-12T17:25:37.542Z", "datePublished": "2026-01-17T01:13:59.183Z", "dateUpdated": "2026-01-20T18:39:13.845Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Secure Access", "vendor": "Absolute Security", "versions": [{"lessThan": "14.20", "status": "affected", "version": "12.70", "versionType": "Server"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Secure Access 12.70 and prior to 14.20, the logging \nsubsystem may write an unredacted authentication token to logs under \ncertain configurations. Any party with access to those logs could read \nthe token and reuse it to access an integrated system."}], "value": "In Secure Access 12.70 and prior to 14.20, the logging \nsubsystem may write an unredacted authentication token to logs under \ncertain configurations. Any party with access to those logs could read \nthe token and reuse it to access an integrated system."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.6, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "b6533044-ea05-4482-8458-7bddeca0d079", "shortName": "Absolute", "dateUpdated": "2026-01-17T01:13:59.183Z"}, "references": [{"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-0519"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure in Secure Access Between 12.70 and 14.20", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-532", "lang": "en", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-20T18:37:55.973582Z", "id": "CVE-2026-0519", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T18:39:13.845Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0519", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-20T18:37:55.973582Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T18:38:31.687Z"}}], "cna": {"title": "Information Disclosure in Secure Access Between 12.70 and 14.20", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Absolute Security", "product": "Secure Access", "versions": [{"status": "affected", "version": "12.70", "lessThan": "14.20", "versionType": "Server"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-0519"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "In Secure Access 12.70 and prior to 14.20, the logging \nsubsystem may write an unredacted authentication token to logs under \ncertain configurations. Any party with access to those logs could read \nthe token and reuse it to access an integrated system.", "supportingMedia": [{"type": "text/html", "value": "In Secure Access 12.70 and prior to 14.20, the logging \nsubsystem may write an unredacted authentication token to logs under \ncertain configurations. Any party with access to those logs could read \nthe token and reuse it to access an integrated system.", "base64": false}]}], "providerMetadata": {"orgId": "b6533044-ea05-4482-8458-7bddeca0d079", "shortName": "Absolute", "dateUpdated": "2026-01-17T01:13:59.183Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0519", "state": "PUBLISHED", "dateUpdated": "2026-01-20T18:39:13.845Z", "dateReserved": "2025-12-12T17:25:37.542Z", "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079", "datePublished": "2026-01-17T01:13:59.183Z", "assignerShortName": "Absolute"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Secure Access 12.70 and prior to 14.20, the logging \nsubsystem may write an unredacted authentication token to logs under \ncertain configurations. Any party with access to those logs could read \nthe token and reuse it to access an integrated system."}], "id": "CVE-2026-0519", "lastModified": "2026-01-20T19:15:50.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "SecurityResponse@netmotionsoftware.com", "type": "Secondary"}]}, "published": "2026-01-17T02:15:49.627", "references": [{"source": "SecurityResponse@netmotionsoftware.com", "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-0519"}], "sourceIdentifier": "SecurityResponse@netmotionsoftware.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2026-01-19T09:19:30.519586+00:00", "updated": "2026-01-19T09:19:30.519614+00:00", "vendors": ["absolute", "absolute$PRODUCT$secure_access"]}