CVE-2026-28271

Summary

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue.

Affected Software

VendorProductVersion RangeStatus
kiteworkssecurity-advisories< 9.2.0affected

Weaknesses

  • CWE-350: CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action
  • CWE-918: CWE-918: Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References