Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through...

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

Basic Information

ID CVE-2026-24756

Source GitHub_M

Published Jun 1, 2026 at 21:51

Affected Product

Vendor kiteworks

Product Secure Data Forms

Version < 9.3.0

Affected Versions kiteworks Secure Data Forms < 9.3.0

CWE Classification

CWE-639

References

github.com /kiteworks/security-advisories/security/advisories/GHSA-jgvj-mf78-rxx8

{
    "lastseen": "",
    "description": "Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.",
    "published": "2026-06-01T21:51:04.450Z",
    "modified": "2026-06-01T21:51:04.450Z",
    "type": "cve",
    "title": "Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key",
    "source": "GitHub_M",
    "references": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-jgvj-mf78-rxx8",
    "id": "CVE-2026-24756",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "kiteworks Secure Data Forms < 9.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Secure Data Forms",
    "version": "< 9.3.0",
    "vendor": "kiteworks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key_CVE-2026-24756