Reflected XSS Vulnerability in Kiteworks Secure Data Forms
CVE-2026-24752

8.2HIGH

Key Information:

Vendor: Kiteworks
Status: Secure Data Forms
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-24752?

Kiteworks Secure Data Forms versions prior to 9.3.0 are susceptible to a reflected Cross-Site Scripting (XSS) vulnerability. This flaw allows malicious external actors to craft specialized requests that can trick legitimate users into executing arbitrary JavaScript code. To mitigate this security risk, users are advised to upgrade to version 9.3.0 or later, which includes vital patches addressing this vulnerability. For more information, please visit the Kiteworks security advisory.

Affected Version(s)

Secure Data Forms < 9.3.0

References

https://github.com/kiteworks/security-advisories/security...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Jan 26, 2026

CVE-2026-24752 Data

JSON