CVE-2026-24069
Deferred
Deferred - Pending Action
Improper Authorization in Kiuwan SAST Enables Disabled User Access
Publication date: 2026-04-14
Last updated on: 2026-05-19
Assigner: SEC Consult Vulnerability Lab
Description
Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kiuwan | kiuwan_cloud | to 2.8.2509.4 (exc) |
| kiuwan | kiuwan_sast | to 2.8.2509.4 (exc) |
| kiuwan | kiuwan_sast | 2.8.2412.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |