CVE-2026-28272 Kiteworks — Exploit & Vulnerability Details HIGH

CVE-2026-28272

HIGH CVSS 3.1: 8.1 EPSS 0.01%

Parameter	Value
CVSS	8.1 (HIGH)
Type	CWE-79 (Cross-Site Scripting (XSS))
Vendor	Kiteworks
Public PoC	No

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface.

Version 9.2.0 contains a patch for the issue.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

High

Admin privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 1

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-7hxj-…

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-29092

Kiteworks

7.5

CVE-2026-23636

Kiteworks

7.2

CVE-2026-23635

Kiteworks

6.5

CVE-2026-24750

Kiteworks

5.4

CVE-2026-23514

Kiteworks

6.5

Menu

CVE-2026-28272

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-29092

CVE-2026-23636

CVE-2026-23635

CVE-2026-24750

CVE-2026-23514

CVE Details

Editor's Choice

Menu

CVE-2026-28272

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-29092

CVE-2026-23636

CVE-2026-23635

CVE-2026-24750

CVE-2026-23514

CVE Details

Editor's Choice

Stay informed on cybersecurity