Browse all 15 CVE security advisories affecting kiteworks. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kiteworks provides a secure file transfer and content collaboration platform for enterprises handling sensitive data. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation failures and access control weaknesses. The platform has faced multiple security incidents, including a 2023 breach exposing customer data due to an unpatched vulnerability. With 15 CVEs recorded, Kiteworks has demonstrated recurring issues in secure coding practices, particularly in web application components and authentication mechanisms. Organizations implementing Kiteworks should prioritize timely patching and harden configurations against common attack vectors targeting enterprise file sharing systems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23636 | Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type — Secure Data FormsCWE-434 | 5.5 | Medium | 2026-03-25 |
| CVE-2026-23635 | Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials — Secure Data FormsCWE-523 | 6.5 | Medium | 2026-03-25 |
| CVE-2026-24750 | Kiteworks Secure Data Forms vulnerable to Cross-site Scripting — Secure Data FormsCWE-79 | 7.6 | High | 2026-03-25 |
This page lists every published CVE security advisory associated with kiteworks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.