CVE-2026-23638
6.5 MEDIUMKiteworks is a private data network (PDN)
Published: 2026-06-01 · Last updated: 2026-06-03
Severity and scoring
- CVSS
- 6.5 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- CWE
- CWE-639
Affected products
| Vendor | Product |
|---|---|
| accellion | kiteworks |
Description
Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-24782 — Kiteworks is a private data network (PDN) (7.6 HIGH)
- CVE-2026-24761 — Kiteworks is a private data network (PDN) (3.7 LOW)
- CVE-2026-24756 — Kiteworks is a private data network (PDN) (4.3 MEDIUM)
- CVE-2026-24755 — Kiteworks is a private data network (PDN) (5.4 MEDIUM)
- CVE-2026-24754 — Kiteworks is a private data network (PDN) (5.4 MEDIUM)
Same CWE
- CVE-2026-12204 — A vulnerability was determined in ShopXO up to 6.7.1 (7.3 HIGH)
- CVE-2026-1291 — The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST AP... (4.3 MEDIUM)
- CVE-2026-54361 — MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow at...
- CVE-2026-54360 — A mass assignment vulnerability exists in MISP’s sharing group creation endpoint
- CVE-2026-54357 — An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings bel...