M-Files: >> M-Files Server >> 24.8.13981.13 Security Vulnerabilities
Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint.
CVSS Score
4.9
EPSS Score
0.001
Published
2026-01-21
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7
CVSS Score
4.9
EPSS Score
0.0
Published
2025-12-19
Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-11-17
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-06-15
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service
CVSS Score
7.1
EPSS Score
0.003
Published
2025-04-04
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change.
CVSS Score
4.9
EPSS Score
0.001
Published
2025-01-23
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords
CVSS Score
4.9
EPSS Score
0.002
Published
2025-01-23
Denial of service condition in M-Files Server in versions before
25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions.
CVSS Score
7.5
EPSS Score
0.005
Published
2025-01-23