Refine your search
1 vulnerability found for Kiteworks Email Protection Gateway by kiteworks
CVE-2026-29092 (GCVE-0-2026-29092)
Vulnerability from cvelistv5
Published
2026-03-25 16:59
Modified
2026-03-25 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally expires. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kiteworks | Kiteworks Email Protection Gateway |
Version: < 9.2.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T17:29:30.459619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T17:29:41.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kiteworks Email Protection Gateway",
"vendor": "kiteworks",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally expires. Upgrade Kiteworks to version 9.2.1 or later to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:59:55.033Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-92w7-fpjr-wpxc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-92w7-fpjr-wpxc"
}
],
"source": {
"advisory": "GHSA-92w7-fpjr-wpxc",
"discovery": "UNKNOWN"
},
"title": "Kiteworks Email Protection Gateway has an Insufficient Session Expiration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-29092",
"datePublished": "2026-03-25T16:59:55.033Z",
"dateReserved": "2026-03-03T21:54:06.707Z",
"dateUpdated": "2026-03-25T17:29:41.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}