CVE-2026-23514

Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management

Description

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.

Affected Products

Vendor	Product	Versions
kiteworks	core	>= 9.2.0, < 9.2.2

References

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gqr-cpr6-wvm5(x_refsource_CONFIRM)

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-23514 | Kiteworks Core up to 9.2.1 improper ownership management

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-282

Published3/25/2026

Last enriched2h agov2

Trending Score43

Source articles2

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated severity to CRITICAL, marked as actively exploited, and noted that no exploit is available.

severityactivelyExploitedpatchAvailable

via VulDB

v13h ago

Initial creation