CVE-2026-28272
8.1 High
Published:
Last updated:
Source: security-advisories@github.com
Analyzed
Weakness (CWE)
CVSS Vector (v3.1)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: None
Description
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface. Version 9.2.0 contains a patch for the issue.
References
security-advisories@github.com
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-7hxj-ch78-xqgr