CVE-2026-23636

Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type

Description

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

INFO

Published Date :

2026-03-25T16:58:36.194Z

Last Modified :

2026-03-27T14:56:49.566Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-23636 vulnerability.

Vendors	Products
Accellion	Kiteworks
Kiteworks	Secure Data Forms

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23636.

URL	Resource
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-cfv8-p3hq-8wmm

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact