{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28271", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-26T01:52:58.733Z", "datePublished": "2026-02-27T20:21:12.194Z", "dateUpdated": "2026-03-03T20:27:38.925Z"}, "containers": {"cna": {"title": "Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF)", "problemTypes": [{"descriptions": [{"cweId": "CWE-350", "lang": "en", "description": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rmfx-6h9w-fq87", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rmfx-6h9w-fq87"}], "affected": [{"vendor": "kiteworks", "product": "security-advisories", "versions": [{"version": "< 9.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-27T20:21:29.444Z"}, "descriptions": [{"lang": "en", "value": "Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue."}], "source": {"advisory": "GHSA-rmfx-6h9w-fq87", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T20:27:32.310501Z", "id": "CVE-2026-28271", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T20:27:38.925Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28271", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-03T20:27:32.310501Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T20:27:35.581Z"}}], "cna": {"title": "Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF)", "source": {"advisory": "GHSA-rmfx-6h9w-fq87", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "kiteworks", "product": "security-advisories", "versions": [{"status": "affected", "version": "< 9.2.0"}]}], "references": [{"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rmfx-6h9w-fq87", "name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rmfx-6h9w-fq87", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-350", "description": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-27T20:21:29.444Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28271", "state": "PUBLISHED", "dateUpdated": "2026-03-03T20:27:38.925Z", "dateReserved": "2026-02-26T01:52:58.733Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-27T20:21:12.194Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:accellion:kiteworks:*:*:*:*:*:*:*:*", "matchCriteriaId": "B494C8D4-2D4B-4F5E-99C1-4CCE8DF6C911", "versionEndExcluding": "9.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue."}], "id": "CVE-2026-28271", "lastModified": "2026-03-04T19:49:31.087", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-27T21:16:18.550", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rmfx-6h9w-fq87"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-350"}, {"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.2.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "security-advisories", "source": "cna", "vendor": "kiteworks"}, "product": "security-advisories", "vendor": "kiteworks"}], "analysis": {"en": {"generated_at": "2026-04-18T17:33:20.815696+00:00", "value": {"mitigation_remediation": ["Upgrade Kiteworks Core to version 9.2.0 or later to apply the official patch", "If an upgrade is not possible immediately, disable or restrict outbound configuration requests that can trigger SSRF and block internal network addresses from being requested by the application", "Monitor administrator configuration activity for suspicious DNS rebinding attempts and review logs for anomalous internal service access"], "summary": {"action": "Patch Update", "impact": "Internal Network Access"}, "threat_synthesis": {"affected_systems": "All versions of Kiteworks Core supplied by Accellion, specifically every release before 9.2.0, are vulnerable. No other vendor or product is listed.", "description_and_impact": "The vulnerability allows a malicious administrator to bypass Server\u2011Side Request Forgery protections via DNS rebinding within Kiteworks Core\u2019s configuration functionality. This bypass grants access to internal services that should be unreachable from the public network, potentially permitting reading, modification, or tampering of internal data and applications and compromising confidentiality and integrity at the system level. The weakness is an Input Validation flaw (CWE-350) and an SSRF vulnerability (CWE-918).", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity, while the EPSS of less than 1 % suggests a very low likelihood of exploitation. The vulnerability is not included in the CISA KEV catalog. Based on the description, the likely attack vector is an authenticated administrator who can submit configuration changes that trigger the DNS rebinding attack. Successful exploitation requires administrative privileges and the ability to influence outbound requests from the application. The overall risk is mitigated by the low probability of attack, and it is inferred from the description that the vulnerability does not provide immediate remote code execution capability."}}}}, "created": "2026-03-02T12:04:57.543850+00:00", "updated": "2026-04-18T17:45:06.048425+00:00", "vendors": ["kiteworks", "kiteworks$PRODUCT$security-advisories"]}