CVE-2026-0983

Received Received - Intake

Denial-of-Service in M-Files Server

Publication date: 2026-05-18

Last updated on: 2026-05-18

Assigner: M-Files Corporation

Description

Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-18

Last Modified

2026-05-18

Generated

2026-06-10

AI Q&A

2026-05-18

EPSS Evaluated

2026-06-08

NVD

CVE-2026-0983

Affected Vendors & Products

Vendor	Product	Version / Range
m-files	server	to 26.5.16015.0 (exc)
m-files	server	to 26.2 (exc)
m-files	server	to 25.8 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-1286	The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

Attack-Flow Graph

Executive Summary

This vulnerability is a denial-of-service condition found in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3. It allows an authenticated user to cause the MFserver process to crash.

Impact Analysis

The impact of this vulnerability is that an authenticated user can cause the M-Files Server process (MFserver) to crash, resulting in a denial-of-service condition. This can disrupt normal operations and availability of the server.

Hi! I’m here to help you understand CVE-2026-0983. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-0983

Denial-of-Service in M-Files Server

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart