Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally expires. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
References
| Link | Resource |
|---|---|
| https://github.com/kiteworks/security-advisories/security/advisories/GHSA-92w7-fpjr-wpxc | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2026-03-25 17:16
Updated : 2026-03-27 19:01
NVD link : CVE-2026-29092
Mitre link : CVE-2026-29092
CVE.ORG link : CVE-2026-29092
JSON object : View
Products Affected
accellion
- kiteworks
CWE
CWE-613
Insufficient Session Expiration