What is the CVSS score of CVE-2026-23514?

CVE-2026-23514 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Kiteworks are affected by CVE-2026-23514?

Kiteworks Core versions 9.2.0 and 9.2.1 contain an access control flaw that permits authenticated users to bypass authorization controls and access sensitive data across the private data network,…. A patch is available.

Kiteworks CVE-2026-23514

EUVD-2026-15419 HIGH

Improper Ownership Management (CWE-282)

2026-03-25 GitHub_M

Authentication Bypass

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:16 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

9.2.2

EUVD ID Assigned

Mar 25, 2026 - 14:30 euvd

EUVD-2026-15419

Analysis Generated

Mar 25, 2026 - 14:30 vuln.today

CVE Published

Mar 25, 2026 - 14:19 nvd

HIGH 8.8

DescriptionNVD

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.

AnalysisAI

An access control vulnerability exists in Kiteworks Core versions 9.2.0 and 9.2.1 that allows authenticated users to access unauthorized content within the private data network. With a CVSS score of 8.8 (High), an attacker with low-level authenticated access can potentially access, modify, or delete sensitive data they should not have permissions to view. …

RemediationAI

Within 24 hours: Identify all Kiteworks Core instances running versions 9.2.0 or 9.2.1 and confirm patch availability from vendor. Within 7 days: Apply vendor-released patch to all affected Kiteworks Core systems; test in staging environment first. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-23514 vulnerability details – vuln.today

Back

Kiteworks CVE-2026-23514

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code