Improper Authorization in Kiuwan SAST Affects User Login Security
CVE-2026-24069

5.4MEDIUM

Key Information:

Vendor: Kiuwan
Status: Sast
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-24069?

Kiuwan SAST suffers from an improper authorization flaw that allows Single Sign-On (SSO) logins for user accounts that have been disabled. This vulnerability permits disabled users continued access to the application, posing a significant security risk. Both Kiuwan Cloud and earlier versions of Kiuwan SAST (KOP) prior to 2.8.2509.4 are affected, allowing unauthorized interactions with the system.

Affected Version(s)

SAST <2.8.2509.4

References

https://r.sec-consult.com/kiuwanlock

third-party-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Jan 21, 2026

Credit

Bernhard Gründling, SEC Consult Vulnerability Lab

Fabian Würfl, SEC Consult Vulnerability Lab

Johannes Greil, SEC Consult Vulnerability Lab

CVE-2026-24069 Data

JSON