CVE-2026-0983
Received
Received - Intake
Denial-of-Service in M-Files Server
Publication date: 2026-05-18
Last updated on: 2026-05-18
Assigner: M-Files Corporation
Description
Description
Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| m-files | server | to 26.5.16015.0 (exc) |
| m-files | server | to 26.2 (exc) |
| m-files | server | to 25.8 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1286 | The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a denial-of-service condition found in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3. It allows an authenticated user to cause the MFserver process to crash.
How can this vulnerability impact me? :
The impact of this vulnerability is that an authenticated user can cause the M-Files Server process (MFserver) to crash, resulting in a denial-of-service condition. This can disrupt normal operations and availability of the server.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70