CVE-2026-24756
4.3 MEDIUM
Kiteworks is a private data network (PDN)
Published: 2026-06-01 · Last updated: 2026-06-03
Severity and scoring
- CVSS: 4.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- CWE: CWE-639
Affected products
| Vendor | Product |
|---|---|
| accellion | kiteworks |
Description
Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-24782 — Kiteworks is a private data network (PDN) (7.6 HIGH)
- CVE-2026-24761 — Kiteworks is a private data network (PDN) (3.7 LOW)
- CVE-2026-24755 — Kiteworks is a private data network (PDN) (5.4 MEDIUM)
- CVE-2026-24754 — Kiteworks is a private data network (PDN) (5.4 MEDIUM)
- CVE-2026-24753 — Kiteworks is a private data network (PDN) (6.5 MEDIUM)
Same CWE
- CVE-2026-44692 — Sharp is a content management framework built for Laravel as a package (7.7 HIGH)
- CVE-2026-46558 — Plane is an open-source project management tool (8.3 HIGH)
- CVE-2026-53471 — A flaw was found in migration-planner (9.6 CRITICAL)
- CVE-2026-53470 — A flaw was found in migration-planner (9.6 CRITICAL)
- CVE-2026-45563 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (4.3 MEDIUM)