CVE-2026-28270

Published February 27th, 2026

View on NVD ↗

CVSS v3

4.9

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch for the issue.

kiteworks/security-advisories

Security advisories for all published CVEs of Kiteworks

GitHub