Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST

Description

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.

Affected Products

Vendor	Product	Versions
Kiuwan	SAST	<2.8.2509.4

References

https://r.sec-consult.com/kiuwanlock(third-party-advisory)

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2026-24069 | Kiuwan SAST prior 2.8.2509.4 User Account authorization

→ No new info (linked only)

CVSS 3.15.4 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

2.8.2509.4

CWECWE-863

PublishedApr 14, 2026

Last enriched4h agov2

Trending Score20

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

Version History

Last enriched 4h ago

v2Tier C4h ago

Updated severity to CRITICAL, added description with technical details, and specified patch available as version 2.8.2509.4.

patchAvailable

via VulDB

v14h ago

Initial creation