CVE-2026-0932
Received Received - Intake

Blind SSRF in M-Files Server Legacy Co-Authoring Features

Vulnerability report for CVE-2026-0932, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-01

Last updated on: 2026-04-02

Assigner: M-Files Corporation

Description

Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-01
Last Modified
2026-04-02
Generated
2026-07-06
AI Q&A
2026-04-01
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
m-files m-files_server to 26.3.15818.5 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-0932 is a blind server-side request forgery (SSRF) vulnerability found in legacy connection methods of the document co-authoring features in M-Files Server versions prior to 26.3.15818.5.

This vulnerability allows an unauthenticated attacker to cause the M-Files Server to send HTTP GET requests to arbitrary URLs.

Successful exploitation can reveal the IP address of the M-Files Server handling the request, although no other sensitive information is included in these GET requests.

Impact Analysis

An attacker exploiting this vulnerability can make the M-Files Server send HTTP GET requests to arbitrary URLs without authentication.

This can reveal the IP address of the M-Files Server, potentially exposing network information.

Additionally, exploitation may cause a moderate performance impact on the affected M-Files Server instance.

However, no other sensitive information is disclosed through this vulnerability.

Mitigation Strategies

To mitigate the CVE-2026-0932 vulnerability, you should upgrade your M-Files Server to version 26.3.15818.5 or later, as the vulnerability exists in versions prior to this release.

Since the vulnerability affects legacy connection methods of document co-authoring features, disabling or restricting these legacy methods may also reduce exposure until an upgrade can be performed.

Monitor your server for unusual outbound HTTP GET requests to arbitrary URLs, which may indicate exploitation attempts.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves the M-Files Server sending HTTP GET requests to arbitrary URLs due to a blind server-side request forgery (SSRF) in legacy connection methods of document co-authoring features.

To detect this vulnerability on your system, you can monitor outgoing HTTP GET requests from the M-Files Server to unusual or unexpected external URLs, especially those that do not correspond to normal server operations.

Network monitoring tools or packet capture utilities like tcpdump or Wireshark can be used to observe such traffic.

Example commands to monitor HTTP GET requests from the server include:

  • Using tcpdump to capture HTTP GET requests: tcpdump -i <interface> -A 'tcp port 80 and (((ip src <server_ip>) and (tcp[32:4] = 0x47455420)))'
  • Using tshark (Wireshark CLI) to filter HTTP GET requests: tshark -i <interface> -Y 'http.request.method == "GET" and ip.src == <server_ip>'

Replace <interface> with your network interface name and <server_ip> with the IP address of your M-Files Server.

Additionally, reviewing server logs for unexpected outbound HTTP requests or unusual performance impacts may help identify exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0932. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart