🔐 CVE Alert

CVE-2026-24069

MEDIUM 5.4

Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST

CVSS Score: 5.4
EPSS Score: 0.0%
EPSS Percentile: 4th

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.

CWE: CWE-863
Vendor: kiuwan
Product: sast
Published: Apr 14, 2026
Last Updated: Apr 14, 2026

Affected Versions

Kiuwan / SAST
<2.8.2509.4

References

r.sec-consult.com: https://r.sec-consult.com/kiuwanlock
seclists.org: http://seclists.org/fulldisclosure/2026/Apr/5

Credits

Bernhard Gründling, SEC Consult Vulnerability Lab
Fabian Würfl, SEC Consult Vulnerability Lab
Johannes Greil, SEC Consult Vulnerability Lab