Access Control Vulnerability in Kiteworks Core Affects Authenticated Users
CVE-2026-23514

8.8HIGH

Key Information:

Vendor

Kiteworks

Status
Core
Vendor
CVE Published:
25 March 2026

What is CVE-2026-23514?

An access control vulnerability was identified in Kiteworks Core that allows authenticated users to bypass restrictions and gain access to unauthorized content. This issue is present in versions 9.2.0 and 9.2.1. To mitigate the risk associated with this vulnerability, it is essential for users to upgrade to version 9.2.2 or later, which includes necessary security enhancements and fixes. For further details, consult the official advisory.

Affected Version(s)

core >= 9.2.0, < 9.2.2

References

https://github.com/kiteworks/security-advisories/security...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.