CVE-2026-23635

Summary

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

Affected Software

VendorProductVersion RangeStatus
kiteworksSecure Data Forms< 9.2.1affected

Weaknesses

  • CWE-523: CWE-523: Unprotected Transport of Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References