
KnowBe4 — Vulnerabilities & Security Advisories (4)

Browse all 4 CVE security advisories affecting KnowBe4. AI-powered Chinese analysis, POCs, and references for each vulnerability.

KnowBe4 provides security awareness training and simulated phishing platforms to address human-centric vulnerabilities. Historically, its vulnerabilities have included cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from misconfigurations or input validation failures. The platform's security characteristics focus on user education, though its own systems have faced incidents like improper access controls and insecure direct object references. With four CVEs on record, these issues typically involve web application weaknesses rather than core functionality flaws. KnowBe4's approach aims to mitigate human error, though its own security posture has occasionally demonstrated similar vulnerabilities it seeks to help customers prevent.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-36844 | KnowBe4 Security Awareness Training security vulnerability — Security Awareness Training, CWE-79 | 6.1 | Medium | 2025-04-20 |
| CVE-2020-36845 | KnowBe4 Security Awareness Training security vulnerability — Security Awareness Training, CWE-601 | 5.3 | Medium | 2025-04-20 |
| CVE-2024-29210 | Knowbe4 Phish Alert Button security vulnerability — Phish Alert Button (PAB) for Outlook | 7.8 (AI) | High (AI) | 2024-05-07 |
| CVE-2024-29209 | Knowbe4 Phish Alert Button security vulnerability — Phish Alert Button (PAB) for Outlook | 9.8 (AI) | Critical (AI) | 2024-05-07 |

This page lists every published CVE security advisory associated with KnowBe4. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.