CVE-2026-24069

EUVD-2026-22245 MEDIUM

2026-04-14 SEC-VLab

Authentication Bypass

5.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

patch_available

Apr 16, 2026 - 05:29 EUVD

2.8.2509.4

Analysis Generated

Apr 14, 2026 - 16:22 vuln.today

CVSS Changed

Apr 14, 2026 - 16:22 NVD

5.4 (MEDIUM)

DescriptionNVD

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.

AnalysisAI

Kiuwan SAST fails to properly enforce SSO login authorization for locally disabled user accounts, permitting disabled users to maintain application access through single sign-on mechanisms. This affects Kiuwan Cloud and Kiuwan SAST on-premise (KOP) versions prior to 2.8.2509.4, enabling authenticated attackers with prior credentials to bypass account disablement controls. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-24069 vulnerability details – vuln.today

Back