Insecure Direct Object Reference in Kiteworks Secure Data Forms
CVE-2026-24756
4.3MEDIUM
What is CVE-2026-24756?
An Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms permits authenticated users to modify resources that belong to other users. This situation arises due to inadequate authorization checks on resource ownership, potentially leading to unauthorized access and data manipulation. Users are advised to update to version 9.3.0 or later to mitigate this security risk.
Affected Version(s)
Secure Data Forms < 9.3.0