Kiteworks Secure Data Forms vulnerabilities
11 known vulnerabilities affecting kiteworks/secure_data_forms.
Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 7
Vulnerabilities
CVE-2026-24782 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 9.3.0 | 2026-06-01
Kiteworks is a private data network (PDN). Prior to version 9.3.0, multiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global configuration parameters. Upgrade Kiteworks to version 9.3.0 o
nvd
CVE-2026-23636 | P3 | HIGH | CVSS 7.2 | CWE-434 | fixed in 9.2.1 | 2026-03-25
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
nvd
CVE-2026-24751 | P3 | HIGH | CVSS 8.2 | CWE-79 | fixed in 9.3.0 | 2026-06-01
Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
nvd
CVE-2026-24752 | P3 | HIGH | CVSS 8.2 | CWE-79 | fixed in 9.3.0 | 2026-06-01
Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
nvd
CVE-2026-23635 | P3 | MEDIUM | CVSS 6.5 | CWE-523 | fixed in 9.2.1 | 2026-03-25
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
nvd
CVE-2026-23638 | P3 | MEDIUM | CVSS 6.5 | CWE-639 | fixed in 9.3.0 | 2026-06-01
Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient authorization checks on resource ownership. Upgrade
nvd
CVE-2026-24753 | P3 | MEDIUM | CVSS 6.5 | CWE-639 | fixed in 9.3.0 | 2026-06-01
Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a p
nvd
CVE-2026-24755 | P4 | MEDIUM | CVSS 5.4 | CWE-639 | fixed in 9.3.0 | 2026-06-01
Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later
nvd
CVE-2026-24750 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 9.2.1 | 2026-03-25
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
nvd
CVE-2026-24756 | P4 | MEDIUM | CVSS 4.3 | CWE-639 | fixed in 9.3.0 | 2026-06-01
Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a p
nvd
CVE-2026-24761 | P4 | MEDIUM | CVSS 4.3 | CWE-639 | fixed in 9.3.0 | 2026-06-01
Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to
nvd