CVE-2026-28269HIGH 8.8EPSS p77.6%

CVE-2026-28269CVE-2026-28269

Description

Kiteworks is a private data network (PDN). Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access. Version 9.2.0 contains a patch.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS1.95% probability of exploitation · percentile 77.6% · 2026-06-18T12:00:27Z
Published2026-02-26
Last modified2026-03-03

Underlying weaknesses· 1

CWE-78

References

  1. https://github.com/kiteworks/security-advisories/security/advisories/GHSA-6j64-6fpp-9453

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')cwe-780%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-24756
CVE
CVE-2026-24755
CVE
CVE-2026-24753
CVE
CVE-2026-24761
CVE
CVE-2026-24754
CVE
CVE-2026-24752
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.