Auth bypass in Accellion Kiteworks
CVE-2026-24753
Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to ins…
Vulnerability class: IDOR (Insecure Direct Object Reference)
EPSS: 0.000 (8.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Accellion Kiteworks
- Kiteworks Secure Data Forms — versions < 9.3.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2026-24753?
- CVE-2026-24753 is a medium-severity vulnerability in Accellion Kiteworks, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 6.5/10. Published 2026-06-01.
- How severe is CVE-2026-24753?
- Medium severity. CVSS v3 base score is 6.5 out of 10.