{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24069", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2026-01-21T11:29:19.854Z", "datePublished": "2026-04-14T11:26:55.274Z", "dateUpdated": "2026-04-14T11:26:55.274Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2026-04-14T11:26:55.274Z"}, "title": "Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "affected": [{"vendor": "Kiuwan", "product": "SAST", "versions": [{"status": "affected", "version": "<2.8.2509.4"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p></p><div></div><p></p><div><div><p>Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.</p></div><div></div><div><div></div></div></div>"}]}], "references": [{"url": "https://r.sec-consult.com/kiuwanlock", "tags": ["third-party-advisory"]}], "solutions": [{"lang": "en", "value": "The issue was fixed for Kiuwan Cloud on 29 July 2025. For Kiuwan SAST on-premise (KOP), the issue is fixed in version 2.8.2509.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The issue was fixed for Kiuwan Cloud on 29 July 2025. For Kiuwan SAST on-premise (KOP), the issue is fixed in version 2.8.2509.4.</p>"}]}], "credits": [{"lang": "en", "value": "Bernhard Gr\u00fcndling, SEC Consult Vulnerability Lab", "type": "finder"}, {"lang": "en", "value": "Fabian W\u00fcrfl, SEC Consult Vulnerability Lab", "type": "analyst"}, {"lang": "en", "value": "Johannes Greil, SEC Consult Vulnerability Lab", "type": "analyst"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4."}], "id": "CVE-2026-24069", "lastModified": "2026-04-14T12:16:20.247", "metrics": {}, "published": "2026-04-14T12:16:20.247", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://r.sec-consult.com/kiuwanlock"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}

{}

{}