What is CVE-2026-24761?

CVE-2026-24761 is a low-severity vulnerability in Accellion Kiteworks, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 3.7/10. Published 2026-06-01.

How severe is CVE-2026-24761?

Low severity. CVSS v3 base score is 3.7 out of 10.

Auth bypass in Accellion Kiteworks

CVE-2026-24761

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other user…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.000 (8.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Accellion Kiteworks
Kiteworks Secure Data Forms — versions < 9.3.0

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2026-24761?: CVE-2026-24761 is a low-severity vulnerability in Accellion Kiteworks, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 3.7/10. Published 2026-06-01.
How severe is CVE-2026-24761?: Low severity. CVSS v3 base score is 3.7 out of 10.