Unrated severityNVD Advisory· Published Feb 27, 2026· Updated Mar 3, 2026
Kiteworks Core has an Unrestricted Upload of File with Dangerous Type
CVE-2026-28270
Description
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch for the issue.
Affected products
2- kiteworks/security-advisoriesv5Range: < 9.2.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/kiteworks/security-advisories/security/advisories/GHSA-v8x9-vwg6-cj45mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.