PT-2026-28067 · Kiteworks · Kiteworks
Published
2026-03-25
·
Updated
2026-03-25
·
CVE-2026-23636
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Kiteworks versions prior to 9.2.1
Description
Kiteworks Secure Data Forms allows a form manager to potentially exploit an unrestricted upload of files with dangerous types due to missing validation. This occurs in versions prior to 9.2.1.
Recommendations
Upgrade Kiteworks to version 9.2.1 or later.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kiteworks