CVE-2026-24782
7.6 HIGHKiteworks is a private data network (PDN)
Published: 2026-06-01 · Last updated: 2026-06-03
Severity and scoring
- CVSS
- 7.6 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
- CWE
- CWE-89
Affected products
| Vendor | Product |
|---|---|
| accellion | kiteworks |
Description
Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global configuration parameters. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-24761 — Kiteworks is a private data network (PDN) (3.7 LOW)
- CVE-2026-24756 — Kiteworks is a private data network (PDN) (4.3 MEDIUM)
- CVE-2026-24755 — Kiteworks is a private data network (PDN) (5.4 MEDIUM)
- CVE-2026-24754 — Kiteworks is a private data network (PDN) (5.4 MEDIUM)
- CVE-2026-24753 — Kiteworks is a private data network (PDN) (6.5 MEDIUM)
Same CWE
- CVE-2026-53474 — A flaw was found in migration-planner (9.6 CRITICAL)
- CVE-2026-52758 — Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL qu... (8.8 HIGH)
- CVE-2026-49498 — Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to e... (8.8 HIGH)
- CVE-2026-3018 — The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up t... (7.5 HIGH)
- CVE-2026-3326 — The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX ... (8.6 HIGH)