MidnightBSD

Advisories for accellion

CVE-2009-4644 HIGH

Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
accellion secure_file_transfer_appliance 7_0_296
accellion secure_file_transfer_appliance 7_0_259
accellion secure_file_transfer_appliance 7_0_135
accellion secure_file_transfer_appliance 7_0_178
accellion secure_file_transfer_appliance 7_0_189
CVE-2009-4645 HIGH

Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
accellion secure_file_transfer_appliance 7_0_296
accellion secure_file_transfer_appliance 7_0_259
accellion secure_file_transfer_appliance 7_0_135
accellion secure_file_transfer_appliance 7_0_178
accellion secure_file_transfer_appliance 7_0_189
CVE-2009-4646 HIGH

Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
accellion secure_file_transfer_appliance *
CVE-2009-4647 MEDIUM

Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
accellion secure_file_transfer_appliance 7_0_259
accellion secure_file_transfer_appliance 7_0_135
accellion secure_file_transfer_appliance 7_0_178
accellion secure_file_transfer_appliance 7_0_189
CVE-2009-4648 HIGH

Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
accellion secure_file_transfer_appliance 7_0_296
accellion secure_file_transfer_appliance 7_0_259
accellion secure_file_transfer_appliance 7_0_135
accellion secure_file_transfer_appliance 7_0_178
accellion secure_file_transfer_appliance 7_0_189
CVE-2015-2856 MEDIUM

Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2015-2857 HIGH

Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2016-2350 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2016-2351 HIGH

SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2016-2352 MEDIUM

The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2016-2353 HIGH

The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,NVD-CWE-Other,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2016-5662 HIGH

Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
accellion kiteworks_appliance *
CVE-2016-5663 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
accellion kiteworks_appliance *
CVE-2016-5664 MEDIUM

Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
accellion kiteworks_appliance *
CVE-2016-9499 MEDIUM

Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-204,CWE-200,

Products Affected

Vendor Product Version
accellion ftp_server *
CVE-2016-9500 MEDIUM

Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
accellion ftp_server *
CVE-2017-8303 HIGH

An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-116,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2017-8304 MEDIUM

An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2017-8760 MEDIUM

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2017-8788 MEDIUM

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-93,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2017-8789 HIGH

An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2017-8790 HIGH

An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-90,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2017-8791 MEDIUM

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-93,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2017-8792 MEDIUM

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2017-8793 MEDIUM

An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2017-8794 MEDIUM

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2017-8795 MEDIUM

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2017-8796 HIGH

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
accellion file_transfer_appliance *
CVE-2017-9421 MEDIUM

Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
accellion kiteworks *
CVE-2019-5622 HIGH

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
accellion file_transfer_appliance 8_0_540
CVE-2019-5623 HIGH

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-78,

Products Affected

Vendor Product Version
accellion file_transfer_appliance 8_0_540
CVE-2021-27101 HIGH

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
accellion fta *
CVE-2021-27102 HIGH

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
accellion fta *
CVE-2021-27103 HIGH

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
accellion fta *
CVE-2021-27104 HIGH

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
accellion fta *
CVE-2021-27730 HIGH

Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
accellion fta *
CVE-2021-27731 MEDIUM

Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
accellion fta *
CVE-2021-31585 MEDIUM

Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
accellion kiteworks *
CVE-2021-31586 MEDIUM

Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
accellion kiteworks *
CVE-2022-24110 MEDIUM

Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
accellion managed_file_transfer *
CVE-2025-53896

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
accellion kiteworks_managed_file_transfer *
CVE-2025-53897

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has been patched in version 9.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2

Products Affected

Vendor Product Version
accellion kiteworks_managed_file_transfer *
CVE-2025-53899

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
accellion kiteworks_managed_file_transfer *
CVE-2025-53900

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
accellion kiteworks_managed_file_transfer *
CVE-2025-53939

Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
accellion kiteworks *
CVE-2026-23514

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
accellion kiteworks 9.2.0
accellion kiteworks 9.2.1
CVE-2026-23635

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N 2.2 4.2

Products Affected

Vendor Product Version
accellion kiteworks *
CVE-2026-23636

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 1.2 4.2

Products Affected

Vendor Product Version
accellion kiteworks *
CVE-2026-24750

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L 2.1 5.5

Products Affected

Vendor Product Version
accellion kiteworks *
CVE-2026-28269

Kiteworks is a private data network (PDN). Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access. Version 9.2.0 contains a patch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N 0.7 5.2

Products Affected

Vendor Product Version
accellion kiteworks *
CVE-2026-28270

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch for the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

Products Affected

Vendor Product Version
accellion kiteworks *
CVE-2026-28271

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
accellion kiteworks *
CVE-2026-28272

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface. Version 9.2.0 contains a patch for the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 1.7 5.8

Products Affected

Vendor Product Version
accellion kiteworks *
CVE-2026-29092

Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally expires. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

Products Affected

Vendor Product Version
accellion kiteworks *