Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.

Basic Information

ID CVE-2026-23514

Source GitHub_M

Published Mar 25, 2026 at 14:19

Modified Mar 25, 2026 at 14:45

Affected Product

Vendor kiteworks

Product core

Version >= 9.2.0, < 9.2.2

Affected Versions kiteworks core >= 9.2.0, < 9.2.2

CWE Classification

CWE-282

References

github.com /kiteworks/security-advisories/security/advisories/GHSA-5gqr-cpr6-wvm5

{
    "lastseen": "",
    "description": "Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.",
    "published": "2026-03-25T14:19:01.421Z",
    "modified": "2026-03-25T14:45:43.015Z",
    "type": "cve",
    "title": "Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management",
    "source": "GitHub_M",
    "references": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gqr-cpr6-wvm5",
    "id": "CVE-2026-23514",
    "bulletinFamily": "",
    "cwe": [
        "CWE-282"
    ],
    "cvelist": null,
    "sourceData": "kiteworks core >= 9.2.0, < 9.2.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "core",
    "version": ">= 9.2.0, < 9.2.2",
    "vendor": "kiteworks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management_CVE-2026-23514