Cyber Resilience

CVE-2026-28269

Severity: Medium · RCE
Published: 26 February 2026
Modified: 03 March 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: available in Kiteworks 9.2.0
CVSS Score v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0195 (77.6th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-28269 is a medium-severity OS Command Injection (CWE-78) vulnerability in Accellion Kiteworks. Its CVSS base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-28269 affects Kiteworks, a private data network (PDN), in versions prior to 9.2.0. The vulnerability lies in the command execution functionality, where authenticated users can redirect command output to arbitrary file locations. Classified as CWE-78 (OS Command Injection), it has a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N): reachable over the network, but requiring high privileges and high attack complexity, with high confidentiality and integrity impact and no availability impact.

High-privilege authenticated users can exploit this vulnerability over the network without user interaction. Successful exploitation allows overwriting critical system files, which could lead to elevated access on the affected system.

Kiteworks version 9.2.0 contains a patch addressing this issue. Additional details are available in the security advisory at https://github.com/kiteworks/security-advisories/security/advisories/GHSA-6j64-6fpp-9453.

Vulnerability details

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access. Version 9.2.0 contains a patch.

CWE(s)

CWE-78 OS Command Injection

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Command and Scripting Interpreter: Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

OS command injection (CWE-78) in the network-accessible Kiteworks application: an authenticated user reaches the Unix shell's output-redirection handling and can overwrite system files, which is the path to elevated privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23514 · Same product: Accellion Kiteworks
CVE-2026-24782 · Same product: Accellion Kiteworks
CVE-2026-28270 · Same product: Accellion Kiteworks
CVE-2026-23636 · Same product: Accellion Kiteworks
CVE-2026-24751 · Same product: Accellion Kiteworks
CVE-2026-29092 · Same product: Accellion Kiteworks
CVE-2026-24752 · Same product: Accellion Kiteworks
CVE-2026-28272 · Same product: Accellion Kiteworks
CVE-2026-24750 · Same product: Accellion Kiteworks
CVE-2025-13447 · Same product class: managed file transfer

Affected Assets

accellion
kiteworks
< 9.2.0 (all versions prior to 9.2.0; 9.2.0 is the fixed release)

Mitigating Controls

NIST 800-53 r5 controls

prevent · SI-10 Information Input Validation: validates command-execution inputs to block arbitrary output redirection to system files.

prevent · AC-6 Least Privilege: restricts authenticated users to only the minimal privileges needed, preventing file-overwrite commands.

prevent · Enforces access restrictions on modifications to critical system files that the vulnerability targets.
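The output-redirection flaw described under Deeper analysis and the SI-10 / AC-6 controls listed above, shown as an added example in Python. This is not Kiteworks code: the product's actual command handler and command set are not on the page, and the COMMANDS table, the function names and the reports/ output directory are assumptions. The vulnerable function splices a caller-supplied target into a shell string, so an absolute path is written wherever the caller says; the hardened function runs a fixed argv list with no shell, canonicalises the requested output path and refuses anything that resolves outside the allowed directory.

```python
import subprocess
import tempfile
from pathlib import Path

# Stand-in command table. The real Kiteworks command set and its handler code are
# not on the page; the entry below is an assumption for the demonstration.
COMMANDS = {"version": ["echo", "demo-output"]}


def run_vulnerable(name: str, output_target: str) -> str:
    """Vulnerable pattern: the caller's output target is spliced into a shell
    string, so the shell interprets it. An absolute path lands wherever the
    caller says, and a value such as "x.txt; id" would also run a second command."""
    shell_cmd = " ".join(COMMANDS[name]) + " > " + output_target
    subprocess.run(shell_cmd, shell=True, check=True)
    return shell_cmd


def resolve_within(base: Path, requested: str) -> Path:
    """SI-10 style input validation for the output path.

    The requested name is joined to the allowed directory and canonicalised,
    which folds "../" segments and follows symlinks. pathlib discards `base`
    when `requested` is absolute, so "/etc/passwd" resolves to itself and is
    caught by the containment check instead of being silently accepted.
    """
    base = base.resolve()
    candidate = (base / requested).resolve()
    if base not in candidate.parents:
        raise ValueError(f"output path escapes {base}: {requested!r}")
    if candidate.exists() and not candidate.is_file():
        raise ValueError(f"refusing to write to a non-regular file: {candidate}")
    return candidate


def run_hardened(name: str, requested_output: str, base: Path) -> Path:
    """Hardened pattern: fixed argv list, no shell, output file opened by the
    application after validation. Redirection operators never reach a shell,
    and the only writable location is inside `base`. Running this worker as an
    unprivileged account (AC-6) is what bounds the damage if the check is ever
    bypassed; that is deployment configuration rather than code."""
    if name not in COMMANDS:
        raise ValueError(f"unknown command: {name!r}")
    target = resolve_within(base, requested_output)
    with open(target, "wb") as fh:
        subprocess.run(COMMANDS[name], stdout=fh, check=True)
    return target


def demo() -> dict:
    """Constructed scenario: reports/ is the intended output directory and the
    caller asks for a file outside it, first by absolute path, then via "..".
    Returns what each variant did so the outcome can be checked programmatically."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        base = root / "reports"
        base.mkdir()
        outside = root / "escape.txt"

        # Vulnerable: the shell honours the absolute target and writes outside reports/.
        run_vulnerable("version", str(outside))
        vulnerable_escaped = outside.exists()

        # Hardened: both escape attempts are rejected before any process starts.
        rejected = []
        for attempt in (str(outside), "../escape2.txt"):
            try:
                run_hardened("version", attempt, base)
                rejected.append(False)
            except ValueError:
                rejected.append(True)

        # Hardened: a plain file name under reports/ still works.
        ok = run_hardened("version", "latest.txt", base)
        return {
            "vulnerable_escaped": vulnerable_escaped,
            "hardened_rejected_all": all(rejected),
            "hardened_wrote_expected": ok.read_bytes() == b"demo-output\n",
        }


if __name__ == "__main__":
    print(demo())
```

The containment check has to operate on the resolved path: a string-prefix comparison on the raw request would accept "../" and symlinked names. The check narrows the attack surface; the unprivileged service account is what limits which files a bypass could still overwrite, so both controls are needed together.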

References

Kiteworks security advisory GHSA-6j64-6fpp-9453: https://github.com/kiteworks/security-advisories/security/advisories/GHSA-6j64-6fpp-9453