CVE-2026-23514

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gqr-cpr6-wvm5	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:accellion:kiteworks:9.2.0:::::::*
	cpe:2.3:a:accellion:kiteworks:9.2.1:::::::*

History

No history.

Information

Published : 2026-03-25 15:16

Updated : 2026-03-27 18:52

NVD link : CVE-2026-23514

Mitre link : CVE-2026-23514

CVE.ORG link : CVE-2026-23514

JSON object : View

Products Affected

accellion

kiteworks

CWE

CWE-282

Improper Ownership Management

{"id": "CVE-2026-23514", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-03-25T15:16:37.967", "references": [{"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gqr-cpr6-wvm5", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-282"}]}], "descriptions": [{"lang": "en", "value": "Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch."}, {"lang": "es", "value": "Kiteworks es una red de datos privada (PDN). Las versiones 9.2.0 y 9.2.1 de Kiteworks Core tienen una vulnerabilidad de control de acceso que permite a los usuarios autenticados acceder a contenido no autorizado. Actualice Kiteworks Core a la versi\u00f3n 9.2.2 o posterior para recibir un parche."}], "lastModified": "2026-03-27T18:52:37.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:accellion:kiteworks:9.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E39C1D0F-1FB2-424A-9EE4-5B653A1AC66E"}, {"criteria": "cpe:2.3:a:accellion:kiteworks:9.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06208F4-EF54-43E5-84D8-144173AA604A"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}