M-Files: >> M-Files Server >> 25.12 Security Vulnerabilities
Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint.
CVSS Score
4.9
EPSS Score
0.001
Published
2026-01-21
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7
CVSS Score
4.9
EPSS Score
0.0
Published
2025-12-19
Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-18