Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-28271
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-27 Feb, 2026 | 20:21
Updated At-27 Feb, 2026 | 20:21
Rejected At-
▼CVE Numbering Authority (CNA)
Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF)

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue.

Affected Products
Vendor
kiteworks
Product
security-advisories
Versions
Affected
  • < 9.2.0
Problem Types
TypeCWE IDDescription
CWECWE-350CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action
CWECWE-918CWE-918: Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-350
Description: CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action
Type: CWE
CWE ID: CWE-918
Description: CWE-918: Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rmfx-6h9w-fq87
x_refsource_CONFIRM
Hyperlink: https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rmfx-6h9w-fq87
Resource:
x_refsource_CONFIRM
Details not found