Home / Vulnerability Intelligence / CVE-2026-28272

CVE-2026-28272 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: February 27, 2026

Kiteworks - Stored XSS

Published: February 27, 2026Updated: February 27, 2026Remote Exploitable

Overview

Kiteworks < 9.2.0 contains a stored XSS caused by malicious script injection via a configuration interface, letting authenticated administrators execute scripts when users interact with the interface, exploit requires admin authentication.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Authenticated administrators can execute malicious scripts, potentially compromising user sessions or data.

Mitigation

Update to version 9.2.0 or later.

References

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-7hxj-ch78-xqgr

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-28272
Severity: High
CVSS Score: 8.1
Type: stored_xss
Status: new

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N