Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Accellion |
|
| Kiteworks |
|
No data.
References
History
Wed, 04 Mar 2026 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Accellion
Accellion kiteworks |
|
| CPEs | cpe:2.3:a:accellion:kiteworks:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Accellion
Accellion kiteworks |
Tue, 03 Mar 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 02 Mar 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Kiteworks
Kiteworks security-advisories |
|
| Vendors & Products |
Kiteworks
Kiteworks security-advisories |
Fri, 27 Feb 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue. | |
| Title | Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF) | |
| Weaknesses | CWE-350 CWE-918 |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-02-27T20:21:12.194Z
Updated: 2026-03-03T20:27:38.925Z
Reserved: 2026-02-26T01:52:58.733Z
Link: CVE-2026-28271
Vulnrichment
Updated: 2026-03-03T20:27:35.581Z
NVD
Status : Analyzed
Published: 2026-02-27T21:16:18.550
Modified: 2026-03-04T19:49:31.087
Link: CVE-2026-28271
Redhat
No data.