Configuration Bypass Vulnerability in Kiteworks Private Data Network
CVE-2026-28271

6.5MEDIUM

Key Information:

Vendor: Kiteworks
Status: Security-advisories
Vendor: CVE Published:; 27 February 2026

What is CVE-2026-28271?

Kiteworks has a vulnerability in its private data network configuration that allows for DNS rebinding attacks. This loophole enables malicious administrators to bypass security measures designed to restrict access to internal services. A patch has been introduced in version 9.2.0 to address this critical issue.

Affected Version(s)

security-advisories < 9.2.0

References

https://github.com/kiteworks/security-advisories/security...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2026
Vulnerability Reserved
Feb 26, 2026

CVE-2026-28271 Data

JSON