Insecure Direct Object Reference Vulnerability in Kiteworks Secure Data Forms
CVE-2026-24753

6.5MEDIUM

Key Information:

Vendor: Kiteworks
Status: Secure Data Forms
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-24753?

An Insecure Direct Object Reference (IDOR) vulnerability exists in Kiteworks Secure Data Forms, allowing an authenticated user to modify resources belonging to other users due to inadequate authorization checks on resource ownership. This issue affects versions prior to 9.3.0. It is crucial for organizations using Kiteworks to upgrade to version 9.3.0 or later to ensure proper security and prevent unauthorized access and modifications to sensitive resources. For further details, check the official advisory.

Affected Version(s)

Secure Data Forms < 9.3.0

References

https://github.com/kiteworks/security-advisories/security...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Jan 26, 2026

CVE-2026-24753 Data

JSON