CVE-2026-0983
Received Received - Intake

Denial-of-Service in M-Files Server

Publication date: 2026-05-18

Last updated on: 2026-05-18

Assigner: M-Files Corporation

Description
Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-18
Last Modified
2026-05-18
Generated
2026-06-30
AI Q&A
2026-05-18
EPSS Evaluated
2026-06-28
NVD
CVE-2026-0983

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
m-files server to 26.5.16015.0 (exc)
m-files server to 26.2 (exc)
m-files server to 25.8 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1286 The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a denial-of-service condition found in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3. It allows an authenticated user to cause the MFserver process to crash.

Impact Analysis

The impact of this vulnerability is that an authenticated user can cause the M-Files Server process (MFserver) to crash, resulting in a denial-of-service condition. This can disrupt normal operations and availability of the server.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0983. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart