Kiteworks Core Access Control Vulnerability (CVE-2026-23514)
Kiteworks Core versions 9.2.0 and 9.2.1 contain an access control vulnerability (CVE-2026-23514) caused by improper ownership management, which allows authenticated users to access unauthorized content. Upgrading to version 9.2.2 or later mitigates the issue.
Kiteworks Core, a private data network (PDN) solution, is vulnerable to an access control issue in versions 9.2.0 and 9.2.1. This vulnerability, identified as CVE-2026-23514, stems from improper ownership management (CWE-282) within the application. An authenticated user can exploit this flaw to gain access to content they are not authorized to view or modify. The vulnerability was disclosed on March 25, 2026. Organizations using affected versions of Kiteworks Core are advised to upgrade to…
Detection coverage: 2
Detect Kiteworks Unauthorized Access Attempt
medium: Detects attempts to access specific Kiteworks file paths that might indicate an exploit of CVE-2026-23514.
Detect Kiteworks Suspicious API Access
medium: Detects access to Kiteworks API endpoints that may indicate exploitation of CVE-2026-23514.
Indicators of compromise: 1