CVE-2026-28271

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.0

Description Kiteworks is a private data network (PDN). Prior to version 9.2.0, a flaw in the configuration functionality allows bypassing of Server-Side Request Forgery (SSRF) protections through DNS rebinding attacks. Malicious administrators could exploit this to access restricted internal services.

Recommendations Update to version 9.2.0 or later.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-350CWE-918

Related Identifiers

CVE-2026-28271

GHSA-RMFX-6H9W-FQ87

Affected Products

Kiteworks

CVE-2026-28271

Weakness Enumeration

Related Identifiers

Affected Products

References · 8