CVE-2026-23636
Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type
In short
Kiteworks Secure Data Forms allows form managers to upload dangerous file types without proper checks. This could let attackers upload malicious files that might compromise the system or users.
Technical detail
A CWE-434 vulnerability in Kiteworks Secure Data Forms versions prior to 9.2.1 permits authenticated form managers to bypass file type validation during upload operations. Because a validation check is missing, dangerous file extensions are not restricted, potentially enabling execution of malicious code or distribution of harmful content within the platform.
Summary generated and translated by AI from the official description.
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
Affected products
kiteworks · Secure Data Forms