{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24069", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2026-01-21T11:29:19.854Z", "datePublished": "2026-04-14T11:26:55.274Z", "dateUpdated": "2026-04-14T15:45:49.812Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2026-04-14T11:26:55.274Z"}, "title": "Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "affected": [{"vendor": "Kiuwan", "product": "SAST", "versions": [{"status": "affected", "version": "<2.8.2509.4"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p></p><div></div><p></p><div><div><p>Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.</p></div><div></div><div><div></div></div></div>"}]}], "references": [{"url": "https://r.sec-consult.com/kiuwanlock", "tags": ["third-party-advisory"]}], "solutions": [{"lang": "en", "value": "The issue was fixed for Kiuwan Cloud on 29 July 2025. For Kiuwan SAST on-premise (KOP), the issue is fixed in version 2.8.2509.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The issue was fixed for Kiuwan Cloud on 29 July 2025. For Kiuwan SAST on-premise (KOP), the issue is fixed in version 2.8.2509.4.</p>"}]}], "credits": [{"lang": "en", "value": "Bernhard Gr\u00fcndling, SEC Consult Vulnerability Lab", "type": "finder"}, {"lang": "en", "value": "Fabian W\u00fcrfl, SEC Consult Vulnerability Lab", "type": "analyst"}, {"lang": "en", "value": "Johannes Greil, SEC Consult Vulnerability Lab", "type": "analyst"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T15:45:46.760607Z", "id": "CVE-2026-24069", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:45:49.812Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-24069", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T15:45:46.760607Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:45:43.638Z"}}], "cna": {"title": "Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Bernhard Gr\u00fcndling, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "analyst", "value": "Fabian W\u00fcrfl, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "analyst", "value": "Johannes Greil, SEC Consult Vulnerability Lab"}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "affected": [{"vendor": "Kiuwan", "product": "SAST", "versions": [{"status": "affected", "version": "<2.8.2509.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The issue was fixed for Kiuwan Cloud on 29 July 2025. For Kiuwan SAST on-premise (KOP), the issue is fixed in version 2.8.2509.4.", "supportingMedia": [{"type": "text/html", "value": "<p>The issue was fixed for Kiuwan Cloud on 29 July 2025. For Kiuwan SAST on-premise (KOP), the issue is fixed in version 2.8.2509.4.</p>", "base64": false}]}], "references": [{"url": "https://r.sec-consult.com/kiuwanlock", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.", "supportingMedia": [{"type": "text/html", "value": "<p></p><div></div><p></p><div><div><p>Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.</p></div><div></div><div><div></div></div></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2026-04-14T11:26:55.274Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24069", "state": "PUBLISHED", "dateUpdated": "2026-04-14T15:45:49.812Z", "dateReserved": "2026-01-21T11:29:19.854Z", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "datePublished": "2026-04-14T11:26:55.274Z", "assignerShortName": "SEC-VLab"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4."}], "id": "CVE-2026-24069", "lastModified": "2026-04-14T16:16:37.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-14T12:16:20.247", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://r.sec-consult.com/kiuwanlock"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.8.2509.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SAST", "source": "cna", "vendor": "Kiuwan"}, "product": "sast", "vendor": "kiuwan"}], "analysis": {"en": {"generated_at": "2026-04-14T12:20:42.805247+00:00", "value": {"mitigation_remediation": ["Upgrade Kiuwan Cloud to a version released after July 29, 2025, which contains the fix for disabled account enforcement.", "Upgrade Kiuwan SAST on\u2011premise (KOP) to version 2.8.2509.4 or later, which resolves the issue.", "If an upgrade is not immediately possible, remove or disable SSO mappings for any locally disabled accounts to prevent them from authenticating.", "Monitor authentication logs for unusual or repeated login attempts from accounts that are marked as disabled.", "Validate that after applying the fix, disabled accounts cannot access the system via SSO."], "summary": {"action": "Apply patch", "impact": "Unauthorized access via disabled user SSO"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Kiuwan SAST Cloud deployments, as well as Kiuwan SAST on\u2011premise (KOP) installations running versions prior to 2.8.2509.4. No subsequent releases beyond the stated versions are known to be impacted.", "description_and_impact": "Kiuwan SAST fails to enforce that locally disabled user accounts mapped to single sign\u2011on identities are rejected during authentication. As a result, a user whose account has been disabled can still authenticate through the WebUI SSO flow and retain access to the application. This flaw represents a weak access control violation (CWE\u2011863) and permits unauthorized persistence of access, potentially allowing an attacker to read or manipulate project data, initiate scans, or otherwise abuse privileges that should be removed upon account deactivation.", "risk_and_exploitability": "The EPSS score is not provided and the vulnerability is not listed in the CISA KEV catalog, suggesting a moderate risk posture. Nonetheless, the weakness allows attackers to maintain access by simply attempting to log in through SSO with a disabled account known to the system; therefore the attack vector is inferred to be the WebUI SSO authentication flow, typically accessible over HTTPS endpoints. Because any user can attempt to authenticate, the mitigations rely on updating to patched versions or temporarily disabling SSO mapping."}}}}, "created": "2026-04-14T16:15:37.135905+00:00", "updated": "2026-04-14T16:30:34.109915+00:00", "vendors": ["kiuwan", "kiuwan$PRODUCT$sast"]}