Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Kiteworks Can Be Tricked into Overwriting Important System Files
CVE-2026-28269
Summary
Kiteworks, a secure data-sharing platform, had a flaw that allowed authorized users to potentially overwrite critical files and gain more access than they should have. This was fixed in version 9.2.0, so make sure to update to this version or later. Updating will help prevent unauthorized access and protect your system.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| accellion | kiteworks | <= 9.2.0 | – |
Original title
Kiteworks is a private data network (PDN). Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary fil...
Original description
Kiteworks is a private data network (PDN). Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access. Version 9.2.0 contains a patch.
nvd CVSS3.1
8.8
Vulnerability type
CWE-78
OS Command Injection
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026