CVE-2026-28271

Publication date

2026-02-27 20:21:12

Family

GitHub_M

State

PUBLISHED

Description

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue.