EUVD-2026-15419CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.
Analysis
An access control vulnerability exists in Kiteworks Core versions 9.2.0 and 9.2.1 that allows authenticated users to access unauthorized content within the private data network. With a CVSS score of 8.8 (High), an attacker with low-level authenticated access can potentially access, modify, or delete sensitive data they should not have permissions to view. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Kiteworks deployments to identify affected versions (9.2.0, 9.2.1) and restrict administrative access; notify security and data owners of potentially exposed assets. Within 7 days: Implement network segmentation to limit lateral movement from compromised low-privilege accounts; enable enhanced logging and monitoring on Kiteworks access events for forensic review. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today