CVE-2026-24069 Kiuwan — Exploit & Vulnerability Details MEDIUM

CVE-2026-24069

MEDIUM CVSS 3.1: 5.4 EPSS 0.01%

Parameter	Value
CVSS	5.4 (MEDIUM)
Affected Versions	before 2.8.2509.4.
Type	CWE-863 (Incorrect Authorization)
Vendor	Kiuwan
Public PoC	No

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-863 Incorrect Authorization

References 2

https://r.sec-consult.com/kiuwanlock

551230f0-3615-47bd-b7cc-93e92e730bbf

http://seclists.org/fulldisclosure/2026/Apr/5

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Menu

CVE-2026-24069

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

CVE Details

Editor's Choice

Menu

CVE-2026-24069

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

CVE Details

Editor's Choice

Stay informed on cybersecurity