CVE-2026-23635 is a vulnerability identified in Kiteworks Secure Data Forms, a component of the Kiteworks private data network (PDN) platform. The issue arises from a misconfiguration of security attributes in versions prior to 9.2.1, which leads to the unprotected transport of credentials under certain conditions. Specifically, credentials transmitted by the Secure Data Forms may not be adequately protected by encryption or secure transport protocols, exposing them to interception by attackers with network access. The vulnerability is classified under CWE-523, which pertains to unprotected transport of credentials, a common security weakness that can lead to credential compromise. According to the CVSS v3.1 score of 6.5, the vulnerability has a network attack vector (AV:N), requires high attack complexity (AC:H), does not require privileges (PR:N) or user interaction (UI:N), and affects confidentiality (C:H) and integrity (I:L) but not availability (A:N). No known exploits are currently reported in the wild. The recommended remediation is to upgrade Kiteworks Secure Data Forms to version 9.2.1 or later, where the misconfiguration has been corrected to ensure credentials are transmitted securely.

The primary impact of this vulnerability is the potential exposure of user credentials during transmission, which can lead to unauthorized access if intercepted by attackers. This compromises confidentiality significantly and can also affect integrity to a lesser extent if credentials are altered or replayed. Although availability is not impacted, the breach of credentials can facilitate further attacks such as unauthorized data access, lateral movement within networks, and potential data exfiltration. Organizations using Kiteworks Secure Data Forms for sensitive data collection and transmission are at risk of credential theft, which can undermine trust and lead to regulatory compliance issues, especially in sectors handling personal or confidential information. The high attack complexity and lack of known exploits reduce immediate risk but do not eliminate the threat, especially in targeted attacks by skilled adversaries. Failure to patch could result in increased risk of credential interception in environments where network traffic is monitored or compromised.

To mitigate this vulnerability, organizations should immediately upgrade Kiteworks Secure Data Forms to version 9.2.1 or later, where the security attribute misconfiguration has been fixed. Additionally, organizations should verify that all data transmissions involving credentials use strong encryption protocols such as TLS 1.2 or higher and that no fallback to insecure protocols is possible. Network segmentation and monitoring should be employed to detect unusual access patterns or credential use. Implementing multi-factor authentication (MFA) can reduce the impact of credential compromise. Regular security audits and configuration reviews of the Kiteworks environment should be conducted to ensure no other misconfigurations exist. Finally, educating users about secure credential handling and monitoring logs for suspicious activity can help detect exploitation attempts early.