{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/kiteworks/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["access-control","vulnerability","kiteworks"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eKiteworks Core, a private data network (PDN) solution, is vulnerable to an access control issue in versions 9.2.0 and 9.2.1. This vulnerability, identified as CVE-2026-23514, stems from improper ownership management (CWE-282) within the application. An authenticated user can exploit this flaw to gain access to content they are not authorized to view or modify. The vulnerability was disclosed on March 25, 2026. Organizations using affected versions of Kiteworks Core are advised to upgrade to…\u003c/p\u003e\n","date_modified":"2026-03-25T15:16:37Z","date_published":"2026-03-25T15:16:37Z","id":"/briefs/2026-03-kiteworks-access-control/","summary":"Kiteworks Core versions 9.2.0 and 9.2.1 contain an access control vulnerability (CVE-2026-23514) due to improper ownership management, allowing authenticated users to access unauthorized content, which can be mitigated by upgrading to version 9.2.2 or later.","title":"Kiteworks Core Access Control Vulnerability (CVE-2026-23514)","url":"https://feed.craftedsignal.io/briefs/2026-03-kiteworks-access-control/"}],"language":"en","title":"CraftedSignal Threat Feed — Kiteworks","version":"https://jsonfeed.org/version/1.1"}