kiteworks — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting kiteworks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Kiteworks provides a secure file transfer and content collaboration platform for enterprises handling sensitive data. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation failures and access control weaknesses. The platform has faced multiple security incidents, including a 2023 breach exposing customer data due to an unpatched vulnerability. With 15 CVEs recorded, Kiteworks has demonstrated recurring issues in secure coding practices, particularly in web application components and authentication mechanisms. Organizations implementing Kiteworks should prioritize timely patching and harden configurations against common attack vectors targeting enterprise file sharing systems.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-29092 | Kiteworks Email Protection Gateway has an Insufficient Session Expiration — Kiteworks Email Protection Gateway | CWE-613 | 4.9 | Medium | 2026-03-25 |
| CVE-2026-23636 | Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type — Secure Data Forms | CWE-434 | 5.5 | Medium | 2026-03-25 |
| CVE-2026-23635 | Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials — Secure Data Forms | CWE-523 | 6.5 | Medium | 2026-03-25 |
| CVE-2026-24750 | Kiteworks Secure Data Forms vulnerable to Cross-site Scripting — Secure Data Forms | CWE-79 | 7.6 | High | 2026-03-25 |
| CVE-2026-23514 | Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management — core | CWE-282 | 8.8 | High | 2026-03-25 |
| CVE-2026-28272 | Kiteworks Email Protection Gateway has a Cross-site Scripting vulnerability — security-advisories | CWE-79 | 8.1 | High | 2026-02-27 |
| CVE-2026-28271 | Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF) — security-advisories | CWE-350 | 6.5 | Medium | 2026-02-27 |
| CVE-2026-28270 | Kiteworks Core has an Unrestricted Upload of File with Dangerous Type — security-advisories | CWE-434 | 4.9 | Medium | 2026-02-27 |
| CVE-2026-28269 | Kiteworks Core has an OS Command Injection — security-advisories | CWE-78 | 5.9 | Medium | 2026-02-26 |
| CVE-2025-53939 | Kiteworks Core is vulnerable to Improper Input Validation — security-advisories | CWE-20 | 6.3 | Medium | 2025-11-29 |
| CVE-2025-53900 | Kiteworks MFT has a Privilege Defined With Unsafe Actions — security-advisories | CWE-267 | 6.5 | Medium | 2025-11-29 |
| CVE-2025-53899 | Kiteworks MFT is vulnerable to an Incorrectly Specified Destination in a Communication Channel — security-advisories | CWE-941 | 7.2 | High | 2025-11-29 |
| CVE-2025-53897 | Kiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerability — security-advisories | CWE-352 | 6.8 | Medium | 2025-11-29 |
| CVE-2025-53896 | Kiteworks MFT is vulnerable to Insufficient Session Expiration — security-advisories | CWE-613 | 7.1 | High | 2025-11-29 |
| CVE-2023-7273 | Cross Site Request Forgery in Kiteworks OwnCloud — OwnCloud | CWE-352 | 6.8 | Medium | 2024-10-01 |

This page lists every published CVE security advisory associated with kiteworks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.