Kiteworks Security-advisories
10 CVEs affecting Kiteworks Security-advisories. Latest disclosed: 2026-06-01. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-28272 | High | 8.1 | 2026-02-27 | Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to… |
CVE-2025-53899 | High | 7.2 | 2025-11-29 | Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified… |
CVE-2025-53896 | High | 7.1 | 2025-11-29 | Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a us… |
CVE-2025-53897 | Medium | 6.8 | 2025-11-29 | Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to lo… |
CVE-2026-28271 | Medium | 6.5 | 2026-02-27 | Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protection… |
CVE-2025-53900 | Medium | 6.5 | 2025-11-29 | Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on… |
CVE-2025-53939 | Medium | 6.3 | 2025-11-29 | Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly… |
CVE-2026-28269 | Medium | 5.9 | 2026-02-26 | Kiteworks is a private data network (PDN). Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to re… |
CVE-2026-24754 | Medium | 5.4 | 2026-06-01 | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attac… |
CVE-2026-28270 | Medium | 4.9 | 2026-02-27 | Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without prope… |