M-files M-files_server

34 CVEs affecting M-files M-files_server. Latest disclosed: 2026-04-01. Critical: 1, High: 8.

Top CVEs affecting M-files M-files_server
CVESeverityScorePublishedSummary
CVE-2024-10127Critical9.82024-11-20Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user aut…
CVE-2025-0635High7.52025-01-23Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain condit…
CVE-2024-4056High7.52024-04-26Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume compu…
CVE-2023-6912High7.52023-12-20Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially comprom…
CVE-2023-3405High7.52023-06-27Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service
CVE-2023-0383High7.52023-04-20User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.
CVE-2021-41807High7.52022-01-18Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of…
CVE-2026-0932High7.32026-04-01Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an un…
CVE-2025-3086High7.12025-04-04Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial…
CVE-2025-11681Medium6.52025-11-17Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause…
CVE-2025-5964Medium6.52025-06-15A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.
CVE-2024-6789Medium6.52024-08-27A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated us…
CVE-2023-6910Medium6.52023-12-20A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage…
CVE-2023-0384Medium6.52023-04-20User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled…
CVE-2023-0382Medium6.52023-04-05User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.
CVE-2022-3284Medium6.52023-03-06Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue aff…
CVE-2023-6117Medium5.72023-11-22A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23…
CVE-2023-6239Medium5.42023-11-28Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven per…
CVE-2022-1911Medium5.32022-11-30Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the under…
CVE-2022-4862Medium5.02023-03-06Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sens…