Skip to main content

Kiteworks CVE-2026-28270

MEDIUM
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-02-27 security-advisories@github.com
4.9
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 27, 2026 - 21:16 nvd
MEDIUM 4.9

DescriptionGitHub Advisory

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch for the issue.

AnalysisAI

Kiteworks versions prior to 9.2.0 lack proper file validation in their configuration upload functionality, allowing authenticated administrators to upload arbitrary files to the system. An attacker with administrative privileges could exploit this to introduce malicious or unauthorized file types, potentially compromising system integrity. A patch is available in version 9.2.0 and later.

Technical ContextAI

Classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). Affects Kiteworks. Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch for the issue.

RemediationAI

Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.

Share

CVE-2026-28270 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy