CVE-2026-24756

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0

Description Kiteworks is a private data network (PDN). An Insecure Direct Object Reference (IDOR)—a flaw where an application provides direct access to objects based on user-supplied input—exists in Kiteworks Secure Data Forms. This allows an authenticated user to modify resources belonging to other users because of insufficient authorization checks on resource ownership.

Recommendations Upgrade to version 9.3.0 or later.