CVE-2026-23636

Medium CVSS: 5.5

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

Vendor

Accellion

Product

Kiteworks

CWE

CWE-434

Yayın Tarihi

2026-03-25 17:16:35

Güncelleme

2026-03-27 19:13:44

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-434 Kiteworks MEDIUM Accellion 2026

Referanslar

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-cfv8-p3hq-8wmm

Benzer Kayıtlar

Medium

CVE-2026-29092

Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway…

Medium

CVE-2026-23635

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of…

High

CVE-2026-24750

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attac…

High

CVE-2026-23514

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerabili…

Medium

CVE-2026-28270

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows upl…

Medium

CVE-2026-28271

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functional…