What is CVE-2026-24782?

CVE-2026-24782 is a high-severity vulnerability in Accellion Kiteworks, classified under SQL Injection. CVSS score: 7.6/10. Published 2026-06-01.

How severe is CVE-2026-24782?

High severity. CVSS v3 base score is 7.6 out of 10.

SQL Injection in Accellion Kiteworks

CVE-2026-24782

Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or…

Vulnerability class: SQL Injection

EPSS: 0.000 (8.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L.

Affected products

Accellion Kiteworks
Kiteworks Secure Data Forms — versions < 9.3.0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2026-24782?: CVE-2026-24782 is a high-severity vulnerability in Accellion Kiteworks, classified under SQL Injection. CVSS score: 7.6/10. Published 2026-06-01.
How severe is CVE-2026-24782?: High severity. CVSS v3 base score is 7.6 out of 10.