Home / Vulnerability Intelligence / CVE-2026-23514

CVE-2026-23514 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 25, 2026

Kiteworks Core - Broken Access Control

Published: March 25, 2026Updated: March 25, 2026Remote Exploitable

Overview

Kiteworks Core 9.2.0 and 9.2.1 contain a broken access control vulnerability caused by improper authorization checks, letting authenticated users access unauthorized content, exploit requires user authentication.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 3.1%(Probability of exploitation in next 30 days)

Impact

Authenticated users can access unauthorized content, potentially leading to data exposure.

Mitigation

Upgrade to version 9.2.2 or later.

References

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gqr-cpr6-wvm5

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 26, 2026

🟠 CVE-2026-23514 - High (8.8) Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23514/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-23514
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: unconfirmed
EPSS: 3.1%
Social Posts: 1

CWE

CWE-282

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

3.1%Probability of exploitation in the next 30 days