Shodan
Vulnerabilities
Vulnerable Software
M-Files:  Security Vulnerabilities
CVE-2026-0932
Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-04-01
CVE-2026-0663
Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-01-21
CVE-2025-14267
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7
CVSS Score
5.6
EPSS Score
0.0
Published
2025-12-19
CVE-2025-14318
Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-18
CVE-2025-11681
Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-11-17
CVE-2025-9826
Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users.
CVSS Score
7.0
EPSS Score
0.0
Published
2025-09-15
CVE-2025-2091
An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-06-16
CVE-2025-5964
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.
CVSS Score
8.4
EPSS Score
0.002
Published
2025-06-15
CVE-2025-3086
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service
CVSS Score
6.3
EPSS Score
0.001
Published
2025-04-04
CVE-2025-3087
Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts
CVSS Score
5.1
EPSS Score
0.001
Published
2025-04-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved