A vulnerability identified as problematic has been detected in SecureAge CatchPulse up to 10.9.1 . Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler . The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2026-11459 . Local access is required to approach this attack. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.