CVE-2026-24761

3.7 LOW

Kiteworks is a private data network (PDN)

Published: 2026-06-01 · Last updated: 2026-06-03

Severity and scoring

CVSS: 3.7 LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-639

Affected products

Vendor	Product
accellion	kiteworks

Description

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

Source: NVD

References

Related CVEs

Same vendor

CVE-2026-24782 — Kiteworks is a private data network (PDN) (7.6 HIGH)
CVE-2026-24756 — Kiteworks is a private data network (PDN) (4.3 MEDIUM)
CVE-2026-24755 — Kiteworks is a private data network (PDN) (5.4 MEDIUM)
CVE-2026-24754 — Kiteworks is a private data network (PDN) (5.4 MEDIUM)
CVE-2026-24753 — Kiteworks is a private data network (PDN) (6.5 MEDIUM)

Same CWE

CVE-2026-44692 — Sharp is a content management framework built for Laravel as a package (7.7 HIGH)
CVE-2026-46558 — Plane is an open-source project management tool (8.3 HIGH)
CVE-2026-53471 — A flaw was found in migration-planner (9.6 CRITICAL)
CVE-2026-53470 — A flaw was found in migration-planner (9.6 CRITICAL)
CVE-2026-45563 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (4.3 MEDIUM)