CVE-2026-28269 | THREATINT

Description

Kiteworks is a private data network (PDN). Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access. Version 9.2.0 contains a patch.

PUBLISHED Reserved 2026-02-26 | Published 2026-02-26 | Updated 2026-02-26 | Assigner GitHub_M

MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

< 9.2.0

affected

References

github.com/...sories/security/advisories/GHSA-6j64-6fpp-9453

cve.org (CVE-2026-28269)

nvd.nist.gov (CVE-2026-28269)

Download JSON