CVE-2026-24069: Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST

Vendor: Kiuwan
Product: SAST
Weakness: CWE-863 · Incorrect authorization
Published: April 14, 2026
Last update: April 14, 2026

What the vulnerability does

01 Description

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.

Key dates

02 Disclosure timeline

April 14, 2026: CVE published
April 14, 2026: Record updated