M-Files: >> M-Files Server >> 25.1.14445.5 Security Vulnerabilities
Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-04-01
Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-01-21
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7
CVSS Score
5.6
EPSS Score
0.0
Published
2025-12-19
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service
CVSS Score
6.3
EPSS Score
0.001
Published
2025-04-04