CVE-2026-28271

MEDIUM WAF: Medium

CVSS 6.5 Published: 2026-02-27

CWE-918

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue.

WAF Coverage Analysis

Server-Side Request Forgery (SSRF) Medium WAF Coverage

OWASP: A10:2021 SSRF

934xxx - Node.js / Generic Injection

Affected Software

Vendor	Product	Version
accellion	kiteworks	up to 9.2.0

References

github.com (Vendor Advisory)

Back to CVE Database