Misconfiguration in Kiteworks Secure Data Forms Exposes Credentials
CVE-2026-23635

6.5MEDIUM

Key Information:

Vendor: Kiteworks
Status: Secure Data Forms
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-23635?

A configuration oversight in the Kiteworks Secure Data Forms prior to version 9.2.1 may result in the unprotected transport of sensitive credentials. This vulnerability can be exploited under specific conditions, potentially compromising user data. Users are advised to upgrade to version 9.2.1 or later to mitigate this risk. For more details, visit the official advisory.

Affected Version(s)

Secure Data Forms < 9.2.1

References

https://github.com/kiteworks/security-advisories/security...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Jan 14, 2026

CVE-2026-23635 Data

JSON