Session Management Flaw in Kiteworks Email Protection Gateway by Kiteworks
CVE-2026-29092

4.9 MEDIUM

Key Information:

Vendor: Kiteworks
CVE Published: 25 March 2026

What is CVE-2026-29092?

A session management flaw in the Kiteworks Email Protection Gateway prior to version 9.2.1 allows blocked users to retain their active sessions even after their accounts have been disabled. This serious issue could enable unauthorized users to maintain access to sensitive information until their session expires naturally. Users should upgrade to version 9.2.1 or later to resolve this vulnerability.

Affected Version(s)

Kiteworks Email Protection Gateway < 9.2.1

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
