Kiteworks · Kiteworks · CVE-2026-24755
**Name of the Vulnerable Software and Affected Versions**
Kiteworks versions prior to 9.3.0
**Description**
An Insecure Direct Object Reference (IDOR) issue in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users. This occurs due to insufficient authorization checks on resource ownership. IDOR is a type of access control flaw where an application provides direct access to objects based on user-supplied input.
**Recommendations**
Upgrade to version 9.3.0 or later.