CVE-2026-24761

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0

Description An Insecure Direct Object Reference (IDOR) issue in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users. This occurs because of insufficient authorization checks on resource ownership. IDOR is a type of access control flaw where an application provides direct access to objects based on user-supplied input.

Recommendations Upgrade to version 9.3.0 or later.