CVE-2026-28270
HIGH WAF: Medium
CVSS 7.2
Published: 2026-02-27
CWE-434
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch for the issue.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| accellion | kiteworks | up to 9.2.0 |
References
- github.com (Vendor Advisory)