Insecure Direct Object Reference in Kiteworks Secure Data Forms by Kiteworks
CVE-2026-24755

5.4MEDIUM

Key Information:

Vendor: Kiteworks
Status: Secure Data Forms
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-24755?

The Kiteworks Secure Data Forms, part of the Kiteworks private data network, is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This flaw allows authenticated users to improperly alter permissions on resources owned by other users. The issue stems from inadequate authorization checks on resource ownership, posing a risk of unintended access and manipulation. Users are strongly advised to upgrade to version 9.3.0 or later to mitigate these risks and enhance the security of their data management practices.

Affected Version(s)

Secure Data Forms < 9.3.0

References

https://github.com/kiteworks/security-advisories/security...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Jan 26, 2026

CVE-2026-24755 Data

JSON