8.8
CVE-2026-23514
- EPSS 1.04%
- Veröffentlicht 25.03.2026 14:19:01
- Zuletzt bearbeitet 27.03.2026 18:52:37
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginKiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management
Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.04% | 0.595 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| security-advisories@github.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-282 Improper Ownership Management
The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gqr-cpr6-wvm5