CVE-2026-29092

Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally expires. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-92w7-fpjr-wpxc	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:accellion:kiteworks:*:*:*:*:*:*:*:*

History

27 Mar 2026, 19:01

Type	Values Removed	Values Added
Summary		(es) Kiteworks es una red de datos privada (PDN). Antes de la versión 9.2.1, una vulnerabilidad en la gestión de sesiones de Kiteworks Email Protection Gateway permite a los usuarios bloqueados mantener sesiones activas después de que su cuenta sea deshabilitada. Esto podría permitir que el acceso no autorizado continúe hasta que la sesión expire naturalmente. Actualice Kiteworks a la versión 9.2.1 o posterior para recibir un parche.
First Time		Accellion kiteworks Accellion
References	~~() https://github.com/kiteworks/security-advisories/security/advisories/GHSA-92w7-fpjr-wpxc -~~	() https://github.com/kiteworks/security-advisories/security/advisories/GHSA-92w7-fpjr-wpxc - Vendor Advisory
CPE		cpe:2.3:a:accellion:kiteworks::::::::

25 Mar 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-25 17:16

Updated : 2026-03-27 19:01

NVD link : CVE-2026-29092

Mitre link : CVE-2026-29092

CVE.ORG link : CVE-2026-29092

JSON object : View

Products Affected

accellion

kiteworks

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2026-29092", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-25T17:16:57.330", "references": [{"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-92w7-fpjr-wpxc", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally expires. Upgrade Kiteworks to version 9.2.1 or later to receive a patch."}, {"lang": "es", "value": "Kiteworks es una red de datos privada (PDN). Antes de la versi\u00f3n 9.2.1, una vulnerabilidad en la gesti\u00f3n de sesiones de Kiteworks Email Protection Gateway permite a los usuarios bloqueados mantener sesiones activas despu\u00e9s de que su cuenta sea deshabilitada. Esto podr\u00eda permitir que el acceso no autorizado contin\u00fae hasta que la sesi\u00f3n expire naturalmente. Actualice Kiteworks a la versi\u00f3n 9.2.1 o posterior para recibir un parche."}], "lastModified": "2026-03-27T19:01:19.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:accellion:kiteworks:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30A78D6E-2376-4B2C-B4AD-499D1DF88E34", "versionEndExcluding": "9.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}