CVE-2026-24069

Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST

CVSS 5.4 MEDIUMEPSS 0.2%CWE-863

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Apr 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected products

Kiuwan · SAST

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/fulldisclosure/2026/Apr/5 https://r.sec-consult.com/kiuwanlock