M-Files: >> M-Files Server >> 25.11.15392.1 Security Vulnerabilities
Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-04-01
Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-01-21
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7
CVSS Score
5.6
EPSS Score
0.0
Published
2025-12-19
Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-18