SQL Injection Vulnerabilities in Kiteworks Secure Data Forms
CVE-2026-24782

7.6HIGH

Key Information:

Vendor: Kiteworks
Status: Secure Data Forms
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-24782?

Multiple SQL Injection vulnerabilities have been discovered in Kiteworks Secure Data Forms, affecting versions prior to 9.3.0. An authenticated attacker with the FormBuilder role can exploit these vulnerabilities to access or modify form definitions and certain global configuration settings for other users. It is essential for users to upgrade to version 9.3.0 or later to mitigate these security risks and safeguard sensitive data.

Affected Version(s)

Secure Data Forms < 9.3.0

References

https://github.com/kiteworks/security-advisories/security...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Jan 26, 2026

CVE-2026-24782 Data

JSON