CVE-2026-23514

Summary

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.

Affected Software

VendorProductVersion RangeStatus
kiteworkscore>= 9.2.0, < 9.2.2affected

Weaknesses

  • CWE-282: CWE-282: Improper Ownership Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References