CVE-2026-23636
MEDIUMKiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type
Title source: cnaDescription
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-cfv8-p3hq-8wmm
Scores
CVSS v3
5.5
EPSS
0.0099
EPSS Percentile
57.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-434
Status
published
Products (2)
accellion/kiteworks
< 9.2.1
kiteworks/Secure Data Forms
< 9.2.1
Published
Mar 25, 2026
Tracked Since
Mar 25, 2026