Skip to main content

Kiteworks Email Protection Gateway

1 CVEs product

Monthly

CVE-2026-29092 MEDIUM PATCH This Month

A session management vulnerability in Kiteworks Email Protection Gateway versions prior to 9.2.1 allows disabled user accounts to maintain active sessions indefinitely until natural session expiration. An attacker with a disabled account could continue accessing the platform and potentially modify data or system settings without re-authentication. While this vulnerability has not been reported as actively exploited (KEV status not listed as in-the-wild), it represents a direct bypass of account suspension controls and warrants prompt patching.

Authentication Bypass Kiteworks Email Protection Gateway
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A session management vulnerability in Kiteworks Email Protection Gateway versions prior to 9.2.1 allows disabled user accounts to maintain active sessions indefinitely until natural session expiration. An attacker with a disabled account could continue accessing the platform and potentially modify data or system settings without re-authentication. While this vulnerability has not been reported as actively exploited (KEV status not listed as in-the-wild), it represents a direct bypass of account suspension controls and warrants prompt patching.

Authentication Bypass Kiteworks Email Protection Gateway
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy