Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch for the issue.
References
| Link | Resource |
|---|---|
| https://github.com/kiteworks/security-advisories/security/advisories/GHSA-v8x9-vwg6-cj45 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2026-02-27 21:16
Updated : 2026-03-04 19:50
NVD link : CVE-2026-28270
Mitre link : CVE-2026-28270
CVE.ORG link : CVE-2026-28270
JSON object : View
Products Affected
accellion
- kiteworks
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type