Kiteworks Server-Side Request Forgery Vulnerability via DNS Rebinding

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Kiteworks Core versions prior to 9.2.0. This vulnerability arises from a flaw in the application's configuration functionality, which allows malicious administrators to bypass existing SSRF protections through DNS rebinding attacks. Exploitation of this vulnerability could enable access to internal services that are meant to be restricted.
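The advisory does not describe how the bypass works inside Kiteworks, so the following is an added, generic illustration of the flaw class and is not Kiteworks code: an SSRF filter that validates one DNS answer and then connects using a second lookup, next to a version that resolves once and pins the validated address. The resolver class, host name and IP addresses are constructed for the example, and no network traffic is sent.

```python
import ipaddress


class RebindingResolver:
    """Constructed stand-in for DNS whose answer changes between lookups."""

    def __init__(self, answers):
        self.answers = list(answers)
        self.calls = 0

    def resolve(self, host):
        # Return the next scripted answer; repeat the last one when exhausted.
        answer = self.answers[min(self.calls, len(self.answers) - 1)]
        self.calls += 1
        return answer


def is_internal(ip):
    """True for any address that is not globally routable."""
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged as IPv4.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return not addr.is_global


def check_then_fetch(host, resolver):
    """Flawed pattern: validation and connection use separate lookups."""
    if is_internal(resolver.resolve(host)):   # lookup 1: the filter's view
        raise ValueError("blocked internal address")
    return resolver.resolve(host)             # lookup 2: address actually used


def resolve_once_and_pin(host, resolver):
    """Hardened pattern: one lookup, validated, then reused for the connection."""
    ip = resolver.resolve(host)
    if is_internal(ip):
        raise ValueError("blocked internal address")
    # The caller connects to this literal IP and sends `host` only as Host/SNI.
    return ip
```

With HTTP redirects enabled, the same pinning check has to be repeated for every hop, since each redirect target is a new host name.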

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal services, bypassing intended restrictions.

Remediation

Users are advised to upgrade Kiteworks to version 9.2.0 or later.

Added: Feb 27, 2026, 9:23 PM
Updated: Feb 27, 2026, 9:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.2
remediation: 0.0
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.