Unrestricted File Upload in Kiteworks Secure Data Forms
CVE-2026-23636

5.5 MEDIUM

Key Information:

Vendor: Kiteworks
CVE Published: 25 March 2026

What is CVE-2026-23636?

Kiteworks Secure Data Forms prior to version 9.2.1 contain an unrestricted file upload vulnerability. Because uploaded files are not properly validated, a form manager can upload files of potentially dangerous types. Upgrade to version 9.2.1 or later to mitigate this risk and protect sensitive data shared via the platform.

Affected Version(s)

Secure Data Forms < 9.2.1

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
