CVE-2026-24069
Improper Authorization in Kiuwan SAST Enables Disabled User Access
Publication date: 2026-04-14
Last updated on: 2026-04-14
Assigner: SEC Consult Vulnerability Lab
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kiuwan | kiuwan_cloud | all versions before 2.8.2509.4 (exclusive) |
| kiuwan | kiuwan_sast | all versions before 2.8.2509.4 (exclusive) |
| kiuwan | kiuwan_sast | 2.8.2412.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24069 is a vulnerability in Kiuwan SAST's Single Sign-On (SSO) authentication mechanism. It occurs because the system improperly enforces account lockout for locally disabled user accounts that are mapped to SSO users. This means that even if an administrator disables a local Kiuwan user account, the corresponding user can still log in through SSO without restriction.
The issue affects both the cloud and on-premise versions of Kiuwan SAST prior to version 2.8.2509.4. The vulnerability allows users with disabled local accounts to bypass the lockout and access the Kiuwan WebUI via SSO, which should not be possible.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to the Kiuwan WebUI by users whose local accounts have been disabled. Such users can bypass account lockout controls through SSO, potentially gaining access to sensitive information or functionality within the application.
Because disabled accounts are meant to prevent access, this flaw undermines administrative controls and could allow former employees or unauthorized users to continue using the system, posing a medium impact risk.
There is no workaround other than applying the vendor's patch, so immediate updating is strongly recommended to mitigate this risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper enforcement of locked accounts in the Kiuwan SAST WebUI Single Sign-On (SSO) mechanism, allowing disabled local accounts to still access the application via SSO.
Detection would require verifying whether disabled local Kiuwan accounts can still successfully log in through SSO. Since the issue is specific to the Kiuwan WebUI SSO login process, there are no specific network commands or standard system commands provided to detect this vulnerability.
A practical approach is to attempt logging in via SSO with a locally disabled user account and observe if access is granted. Monitoring authentication logs for successful SSO logins from disabled accounts may also help identify exploitation.
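As an added illustration of the audit described above (example code written for this page, not Kiuwan's code or log format; the SSO-to-local-account mapping, the disabled-account list and the log lines are all constructed), this script flags successful SSO logins whose mapped local account is disabled, and shows the check a patched SSO login handler has to make:

```python
import re

# Constructed sample data: which SSO identities map to which local accounts,
# and which local accounts an administrator has disabled.
SSO_TO_LOCAL = {
    "alice@example.com": "alice",
    "bob@example.com": "bob",
    "carol@example.com": "carol",
}
DISABLED_LOCAL = {"bob"}

# Constructed log format (not Kiuwan's):
# "<timestamp> auth method=<sso|local> subject=<id> result=<ok|fail>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth method=(?P<method>sso|local) "
    r"subject=(?P<subject>\S+) result=(?P<result>ok|fail)$"
)

def sso_login_allowed(subject, sso_to_local=SSO_TO_LOCAL, disabled=DISABLED_LOCAL):
    """The check the SSO path must make: an SSO identity mapped to a disabled
    local account is denied; an unmapped identity fails closed."""
    local = sso_to_local.get(subject)
    if local is None:
        return False
    return local not in disabled

def find_suspicious_sso_logins(log_lines, sso_to_local=SSO_TO_LOCAL, disabled=DISABLED_LOCAL):
    """Return (timestamp, subject, local_account) for every successful SSO login
    whose mapped local account is disabled, i.e. a lockout bypass in the logs."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "sso" or m["result"] != "ok":
            continue
        local = sso_to_local.get(m["subject"])
        if local in disabled:
            hits.append((m["ts"], m["subject"], local))
    return hits

# Constructed log excerpt: bob's local login fails (account disabled), but his
# SSO login succeeds, which is exactly the condition the audit should surface.
SAMPLE_LOG = """\
2026-04-14T08:01:00Z auth method=sso subject=alice@example.com result=ok
2026-04-14T08:02:10Z auth method=local subject=bob result=fail
2026-04-14T08:02:35Z auth method=sso subject=bob@example.com result=ok
2026-04-14T08:05:00Z auth method=sso subject=carol@example.com result=fail
""".splitlines()

if __name__ == "__main__":
    for ts, subject, local in find_suspicious_sso_logins(SAMPLE_LOG):
        print(f"{ts}: SSO login by {subject} but local account '{local}' is disabled")
```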
What immediate steps should I take to mitigate this vulnerability?
The vendor strongly recommends immediate installation of the patch that fixes this vulnerability. For Kiuwan SAST on-premise, the fix is included in version 2.8.2509.4, released by November 2025. For the cloud version, the fix was released on July 29, 2025.
No workaround exists other than applying the patch.
Additionally, it is advised to perform a comprehensive security review of the product after patching.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows disabled user accounts to bypass local account lockout and gain unauthorized access to the Kiuwan WebUI via Single Sign-On (SSO). This improper authorization could lead to unauthorized access to sensitive data or systems managed through Kiuwan SAST.
Such unauthorized access risks may impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive information. Failure to properly enforce account lockouts and prevent unauthorized access could result in violations of these regulations.
Therefore, until the patch is applied, organizations using affected versions of Kiuwan SAST may face increased risk of non-compliance due to this security flaw.