HIGHCVE-2026-23514Published 2026-03-25Modified 2026-03-25CNA GitHub_M

CVE-2026-23514: Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

kiteworks / core
>= 9.2.0, < 9.2.2

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gqr-cpr6-wvm5

Metrics