SSRF in M-files Corporation Server
CVE-2026-0932
Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrar…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.001 (26.0th percentile) — read the EPSS interpretation.
Affected products
- M-files Corporation Server — versions 0
Weakness classification (CWE)
References
- empower.m-files.com/security-advisories/CVE-2026-0932 (vendor-advisory)
- product.m-files.com/security-advisories/cve-2026-0932/ (vendor-advisory)