CVE-2026-23514— Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-23514
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management
Source: NVD (National Vulnerability Database)
Vulnerability Description
Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
属主管理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Kiteworks Core 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Kiteworks Core是美国Kiteworks公司的一款提供安全文件传输与内容治理能力的企业数据交换平台。 Kiteworks Core 9.2.0版本和9.2.1版本存在安全漏洞,该漏洞源于访问控制不当,可能导致未经授权的访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-23514
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-23514
请登录查看更多情报信息。
Same Patch Batch · kiteworks · 2026-03-25 · 5 CVEs total
| CVE-2026-24750 | 7.6 HIGH | Kiteworks Secure Data Forms vulnerable to Cross-site Scripting |
| CVE-2026-23635 | 6.5 MEDIUM | Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials |
| CVE-2026-23636 | 5.5 MEDIUM | Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous |
| CVE-2026-29092 | 4.9 MEDIUM | Kiteworks Email Protection Gateway has an Insufficient Session Expiration |
IV. Related Vulnerabilities
Same product: core
- CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets - CVE-2026-40583
UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant - CVE-2026-34578
OPNsense has an LDAP Injection via Unsanitized Username in A - CVE-2026-34762
Ella Core Has Audit Log Falsification via Path/Body IMSI Mis - CVE-2026-34761
Ella Core Panics Upon NGAP handover failure
Same vendor: kiteworks
- CVE-2026-29092
Kiteworks Email Protection Gateway has an Insufficient Sessi - CVE-2026-23636
Kiteworks Secure Data Forms is vulnerable to an Unrestricted - CVE-2026-23635
Kiteworks Secure Data Forms has a potential Unprotected Tran - CVE-2026-24750
Kiteworks Secure Data Forms vulnerable to Cross-site Scripti - CVE-2026-28272
Kiteworks Email Protection Gateway has a Cross-site Scriptin
V. Comments for CVE-2026-23514
No comments yet