CVE-2026-24750

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-24750
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

7.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rfwm-2hq6-h84g Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:accellion:kiteworks:*:*:*:*:*:*:*:*
History

27 Mar 2026, 19:23

Type Values Removed Values Added
References () https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rfwm-2hq6-h84g - () https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rfwm-2hq6-h84g - Vendor Advisory
CPE cpe:2.3:a:accellion:kiteworks:*:*:*:*:*:*:*:*
First Time Accellion kiteworks
Accellion
Summary
  • (es) Kiteworks es una red de datos privada (PDN). En Kiteworks Secure Data Forms anterior a la versión 9.2.1, un atacante autenticado podría explotar una neutralización incorrecta de la entrada durante la generación de páginas web como XSS almacenado al modificar formularios. Actualice Kiteworks a la versión 9.2.1 o posterior para recibir un parche.

25 Mar 2026, 16:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-25 16:16

Updated : 2026-03-27 19:23

NVD link : CVE-2026-24750

Mitre link : CVE-2026-24750

CVE.ORG link : CVE-2026-24750

JSON object : View

Products Affected

accellion

  • kiteworks
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')