CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24755

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.9%

CVSS Severity

CVSS v3 Score 5.4

References

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-f8rf-7jq6-gch9

Products affected by CVE-2026-24755

Accellion » Kiteworks » Version: 7.3.0

cpe:2.3:a:accellion:kiteworks:7.3.0
Accellion » Kiteworks » Version: 7.3.1

cpe:2.3:a:accellion:kiteworks:7.3.1
Accellion » Kiteworks » Version: 7.3.2

cpe:2.3:a:accellion:kiteworks:7.3.2
Accellion » Kiteworks » Version: 7.4.0

cpe:2.3:a:accellion:kiteworks:7.4.0
Accellion » Kiteworks » Version: 9.1.0

cpe:2.3:a:accellion:kiteworks:9.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24755

Products

Pricing

Contact Us