Unrated severityNVD Advisory· Published Mar 25, 2026· Updated Mar 25, 2026

Kiteworks Email Protection Gateway has an Insufficient Session Expiration

CVE-2026-29092

Description

Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally expires. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

Affected products

Kiteworks/Kiteworksllm-create
Range: <9.2.1
Kiteworks/Kiteworks Email Protection Gatewayv5
Range: < 9.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/kiteworks/security-advisories/security/advisories/GHSA-92w7-fpjr-wpxcmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000