Stored XSS Vulnerability in Kiteworks Secure Data Forms
CVE-2026-24750

7.6HIGH

Key Information:

Vendor: Kiteworks
Status: Secure Data Forms
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-24750?

An authenticated attacker could exploit an input handling flaw in Kiteworks Secure Data Forms prior to version 9.2.1, allowing for the injection of malicious scripts. This Stored Cross-Site Scripting (XSS) vulnerability could lead to unauthorized actions executed within a user's session context. It is crucial to upgrade to version 9.2.1 or later to patch this security issue and protect sensitive data handled by the application.

Affected Version(s)

Secure Data Forms < 9.2.1

References

https://github.com/kiteworks/security-advisories/security...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Jan 26, 2026

CVE-2026-24750 Data

JSON