CVE-2026-11459: Information Disclosure in SecureAge CatchPulse
CVE-2026-11459 is a medium severity information disclosure vulnerability in SecureAge CatchPulse versions up to 10. 9. 1. It involves an unknown function in the saappctl. sys library's IOCTL Handler component. Exploitation requires local access and can lead to unauthorized information disclosure. The vulnerability has been publicly disclosed, but the vendor has not responded or provided a patch. No official remediation or workaround is currently available.
AI Analysis
Technical Summary
This vulnerability affects SecureAge CatchPulse up to version 10.9.1 in the saappctl.sys library, specifically within the IOCTL Handler component. The flaw allows a local attacker with limited privileges to manipulate the component, resulting in information disclosure. The CVSS 4.8 score reflects a medium severity with low attack complexity and no user interaction required. The vendor has not issued a patch or advisory, and the exploit details have been publicly disclosed.
Potential Impact
An attacker with local access and limited privileges can exploit this vulnerability to disclose sensitive information from the affected system. There is no indication of privilege escalation, denial of service, or remote exploitation. The impact is limited to information disclosure under local attack conditions.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor. Since the vendor has not responded and no temporary fixes are documented, users should restrict local access to trusted individuals only and monitor for suspicious local activity. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
CVE-2026-11459: Information Disclosure in SecureAge CatchPulse
Description
CVE-2026-11459 is a medium severity information disclosure vulnerability in SecureAge CatchPulse versions up to 10. 9. 1. It involves an unknown function in the saappctl. sys library's IOCTL Handler component. Exploitation requires local access and can lead to unauthorized information disclosure. The vulnerability has been publicly disclosed, but the vendor has not responded or provided a patch. No official remediation or workaround is currently available.
CVSS v4.0
Score 4.8medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects SecureAge CatchPulse up to version 10.9.1 in the saappctl.sys library, specifically within the IOCTL Handler component. The flaw allows a local attacker with limited privileges to manipulate the component, resulting in information disclosure. The CVSS 4.8 score reflects a medium severity with low attack complexity and no user interaction required. The vendor has not issued a patch or advisory, and the exploit details have been publicly disclosed.
Potential Impact
An attacker with local access and limited privileges can exploit this vulnerability to disclose sensitive information from the affected system. There is no indication of privilege escalation, denial of service, or remote exploitation. The impact is limited to information disclosure under local attack conditions.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor. Since the vendor has not responded and no temporary fixes are documented, users should restrict local access to trusted individuals only and monitor for suspicious local activity. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-06T16:06:09.991Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a253aede29bf47b50b18e1e
Added to database: 6/7/2026, 9:33:33 AM
Last enriched: 6/7/2026, 9:48:26 AM
Last updated: 6/7/2026, 12:47:17 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.