o  
CVE-2026-40957 is a frameable content
vulnerability in the Secure Access server login page prior to 14.55. Attackers
with control of a malicious web site could use it to potentially steal
credentials from an unwary administrator.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 16 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1021
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Jul 2026 20:15:00 +0000

Type Values Removed Values Added
Description o   CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator.
Title Frameable content vulnerability in the Secure Access server login page
References
Metrics cvssV4_0

{'score': 6.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Absolute

Published:

Updated: 2026-07-16T13:16:38.543Z

Reserved: 2026-04-16T00:19:03.574Z

Link: CVE-2026-40957

cve-icon Vulnrichment

Updated: 2026-07-16T13:16:35.010Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses