CVEDB API

Vulnerabilities

Vulnerable Software

Accellion: >> Kiteworks >> 9.1.0 Security Vulnerabilities

CVE-2026-24782

Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global configuration parameters. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

CVSS Score

7.6

EPSS Score

0.0

Published

2026-06-01

CVE-2026-24752

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

CVSS Score

8.2

EPSS Score

0.0

Published

2026-06-01

CVE-2026-24753

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

CVSS Score

6.5

EPSS Score

0.0

Published

2026-06-01

CVE-2026-24754

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

CVSS Score

5.4

EPSS Score

0.0

Published

2026-06-01

CVE-2026-24755

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

CVSS Score

5.4

EPSS Score

0.0

Published

2026-06-01

CVE-2026-24756

CVSS Score

4.3

EPSS Score

0.0

Published

2026-06-01

CVE-2026-24761

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

CVSS Score

3.7

EPSS Score

0.0

Published

2026-06-01

CVE-2026-24751

CVSS Score

8.2

EPSS Score

0.0

Published

2026-06-01

CVE-2026-23638

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

CVSS Score

6.5

EPSS Score

0.0

Published

2026-06-01

CVE-2026-29092

Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally expires. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

CVSS Score

4.9

EPSS Score

0.0

Published

2026-03-25

Page 1

Vulnerabilities

Vulnerable Software

Accellion: >> Kiteworks >> 9.1.0 Security Vulnerabilities

Products

Pricing

Contact Us