CVE-2026-28270

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch for the issue.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-v8x9-vwg6-cj45	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:accellion:kiteworks:*:*:*:*:*:*:*:*

History

04 Mar 2026, 19:50

Type	Values Removed	Values Added
CPE		cpe:2.3:a:accellion:kiteworks::::::::
First Time		Accellion kiteworks Accellion
References	~~() https://github.com/kiteworks/security-advisories/security/advisories/GHSA-v8x9-vwg6-cj45 -~~	() https://github.com/kiteworks/security-advisories/security/advisories/GHSA-v8x9-vwg6-cj45 - Vendor Advisory

27 Feb 2026, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-27 21:16

Updated : 2026-03-04 19:50

NVD link : CVE-2026-28270

Mitre link : CVE-2026-28270

CVE.ORG link : CVE-2026-28270

JSON object : View

Products Affected

accellion

kiteworks

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

4.9 /10