Every CVE whose affected-product data names Accellion Kiteworks, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2021-31586 — CVSS 8.8 (high): Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search.
CVE-2026-23514 — CVSS 8.8 (high): Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows…
CVE-2026-24752 — CVSS 8.2 (high): Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow…
CVE-2026-24751 — CVSS 8.2 (high): Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow…
CVE-2026-28272 — CVSS 8.1 (high): Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows…
CVE-2026-24750 — CVSS 7.6 (high): Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit…
CVE-2026-24782 — CVSS 7.6 (high): Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms…
CVE-2021-31585 — CVSS 6.7 (medium): Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow…
CVE-2017-9421 — CVSS 6.5 (medium): Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf…
CVE-2026-23635 — CVSS 6.5 (medium): Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security…
CVE-2026-23638 — CVSS 6.5 (medium): Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks…
CVE-2026-24753 — CVSS 6.5 (medium): Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks…
CVE-2026-28271 — CVSS 6.5 (medium): Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows…
CVE-2025-53939 — CVSS 6.3 (medium): Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could…
CVE-2026-28269 — CVSS 5.9 (medium): Kiteworks is a private data network (PDN). Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows…
CVE-2026-23636 — CVSS 5.5 (medium): Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially…
CVE-2026-24754 — CVSS 5.4 (medium): Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an…
CVE-2026-24755 — CVSS 5.4 (medium): Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks…
CVE-2026-28270 — CVSS 4.9 (medium): Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary…
CVE-2026-29092 — CVSS 4.9 (medium): Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management…
CVE-2026-24756 — CVSS 4.3 (medium): Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks…
CVE-2026-24761 — CVSS 3.7 (low): Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks…