CVE-2026-28270
Arbitrary File Upload Vulnerability in Kiteworks PDN Before
Publication date: 2026-02-27
Last updated on: 2026-03-04
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| accellion | kiteworks | to 9.2.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28270 is a moderate severity vulnerability in Kiteworks Core versions prior to 9.2.0 caused by an unrestricted file upload flaw. This flaw allows malicious administrators with high privileges to upload arbitrary and potentially dangerous file types without proper validation. The vulnerability can be exploited remotely over the network and does not require user interaction.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Kiteworks Core to version 9.2.0 or later, which contains the patch for the unrestricted file upload flaw.
Since the vulnerability requires high privileges to exploit, ensure that administrative access is tightly controlled and monitored to prevent malicious administrators from exploiting this issue.
How can this vulnerability impact me? :
The vulnerability primarily impacts data integrity because unauthorized file uploads could lead to modification of system data. However, it does not affect confidentiality or availability of the system. Exploitation requires high privileges, so only malicious administrators can exploit this flaw.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know