Description

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.

PUBLISHED Reserved 2026-01-21 | Published 2026-04-14 | Updated 2026-04-14 | Assigner SEC-VLab

Problem types

CWE-863 Incorrect Authorization

Product status

Default status: unaffected

<2.8.2509.4: affected

Credits

Bernhard Gründling, SEC Consult Vulnerability Lab (finder)

Fabian Würfl, SEC Consult Vulnerability Lab (analyst)

Johannes Greil, SEC Consult Vulnerability Lab (analyst)

References

seclists.org/fulldisclosure/2026/Apr/5

r.sec-consult.com/kiuwanlock (third-party-advisory)

cve.org (CVE-2026-24069)

nvd.nist.gov (CVE-2026-24069)