PT-2026-22221 · Kiteworks · Kiteworks
Icare +1 · Published 2026-02-26 · Updated 2026-04-09 · CVE-2026-28269
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Kiteworks versions prior to 9.2.0
Description
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a flaw in the command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access.
Recommendations
Update to version 9.2.0 or later.
Exploit
Fix
OS Command Injection
Affected Products
Kiteworks