CVE-2026-24750
Received Received - Intake
Stored XSS in Kiteworks Secure Data Forms Allows Data Manipulation

Publication date: 2026-03-25

Last updated on: 2026-03-27

Assigner: GitHub, Inc.

Description
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-27
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-14
NVD
CVE-2026-24750
EUVD
EUVD-2026-15455
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
accellion kiteworks to 9.2.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

CVE-2026-24750 is a Stored Cross-site Scripting (XSS) vulnerability that can lead to high impact on confidentiality and integrity by allowing an authenticated attacker to inject malicious scripts that execute in other users' browsers.

Such a vulnerability could potentially lead to unauthorized access or exposure of sensitive data, which may affect compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive information.

However, the provided information does not explicitly state the direct impact on compliance with these standards or regulations.

Executive Summary

This vulnerability affects Kiteworks Secure Data Forms versions prior to 9.2.1. It is an instance of Improper Neutralization of Input During Web Page Generation, specifically a Stored Cross-Site Scripting (XSS) vulnerability. An authenticated attacker can exploit this by modifying forms to inject malicious scripts that are stored and later executed in the context of other users.

Impact Analysis

Exploitation of this vulnerability can lead to significant impacts including unauthorized disclosure of sensitive information, manipulation of data, and potential disruption of service. Since the CVSS score indicates high confidentiality and integrity impact, an attacker could steal or alter sensitive data and perform actions on behalf of legitimate users.

Mitigation Strategies

To mitigate this vulnerability, upgrade Kiteworks Secure Data Forms to version 9.2.1 or later, where the issue has been patched.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24750. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart