CVE-2026-28270

Kiteworks Core has an Unrestricted Upload of File with Dangerous Type

Description

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch for the issue.

INFO

Published Date :

2026-02-27T20:19:54.611Z

Last Modified :

2026-02-27T20:19:54.611Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-28270 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-28270.

URL	Resource
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-v8x9-vwg6-cj45

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact