CVE-2026-24782— Kiteworks Secure Data Forms has a SQL Injection vulnerability
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-24782
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kiteworks Secure Data Forms has a SQL Injection vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global configuration parameters. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| kiteworks | Secure Data Forms | < 9.3.0 | - |
II. Public POCs for CVE-2026-24782
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-24782
请登录查看更多情报信息。
Vendor Pages for CVE-2026-24782 (1)
Same Patch Batch · kiteworks · 2026-06-01 · 9 CVEs total
| CVE-2026-24751 | 8.2 HIGH | Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting |
| CVE-2026-24752 | 8.2 HIGH | Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting |
| CVE-2026-23638 | 6.5 MEDIUM | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled |
| CVE-2026-24753 | 6.5 MEDIUM | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled |
| CVE-2026-24754 | 5.4 MEDIUM | Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting |
| CVE-2026-24755 | 5.4 MEDIUM | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled |
| CVE-2026-24756 | 4.3 MEDIUM | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled |
| CVE-2026-24761 | 3.7 LOW | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled |
IV. Related Vulnerabilities
Same product: Secure Data Forms
- CVE-2026-24761
Kiteworks Secure Data Forms is vulnerable to Authorization B - CVE-2026-24756
Kiteworks Secure Data Forms is vulnerable to Authorization B - CVE-2026-24755
Kiteworks Secure Data Forms is vulnerable to Authorization B - CVE-2026-24753
Kiteworks Secure Data Forms is vulnerable to Authorization B - CVE-2026-24752
Kiteworks Secure Data Forms Vulnerable to Cross-site Scripti
Same vendor: kiteworks
- CVE-2026-24761
Kiteworks Secure Data Forms is vulnerable to Authorization B - CVE-2026-24756
Kiteworks Secure Data Forms is vulnerable to Authorization B - CVE-2026-24755
Kiteworks Secure Data Forms is vulnerable to Authorization B - CVE-2026-24754
Kiteworks Secure Data Forms Vulnerable to Cross-site Scripti - CVE-2026-24753
Kiteworks Secure Data Forms is vulnerable to Authorization B
Same weakness: CWE-89
- CVE-2026-10568
itsourcecode Fees Management System manage_payment.php sql i - CVE-2026-10302
itsourcecode Fees Management System manage_fee.php sql injec - CVE-2026-25879
Langroid has Prompt to SQL Injection, Leading to RCE - CVE-2026-10297
itsourcecode Fees Management System manage_course.php sql in - CVE-2026-10296
itsourcecode Fees Management System ajax.php sql injection
V. Comments for CVE-2026-24782
No comments yet