CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24761

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.5%

CVSS Severity

CVSS v3 Score 3.7

References

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-6489-ffwq-96hh

Products affected by CVE-2026-24761

Accellion » Kiteworks » Version: 7.3.0

cpe:2.3:a:accellion:kiteworks:7.3.0
Accellion » Kiteworks » Version: 7.3.1

cpe:2.3:a:accellion:kiteworks:7.3.1
Accellion » Kiteworks » Version: 7.3.2

cpe:2.3:a:accellion:kiteworks:7.3.2
Accellion » Kiteworks » Version: 7.4.0

cpe:2.3:a:accellion:kiteworks:7.4.0
Accellion » Kiteworks » Version: 9.1.0

cpe:2.3:a:accellion:kiteworks:9.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24761

Products

Pricing

Contact Us