PT-2026-28070 · Kiteworks · Kiteworks Email Protection Gateway
Published 2026-03-25 · Updated 2026-03-25 · CVE-2026-29092
CVSS v3.1: 4.9 Medium (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)
Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally expires. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
Fix
Insufficient Session Expiration
Affected Products: Kiteworks Email Protection Gateway