CVE-2026-29092

MEDIUM NVD

CVSS Score 4.9

Severity MEDIUM

Published Mar 25, 2026

Vendor unknown

Description

Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally expires. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

References

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-92w7-fpjr-wpxc