GCVE - cpe:2.3:a:m-files_corporation:m-files_server:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:m-files_corporation:m-files_server:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	M Files Corporation (`2362f32a-0a24-5310-a96b-161849f50ffc`)
Product	M Files Server (`f876d50f-03f6-5f25-a9d1-a89f0dea6c10`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-0983`	vulnerable	2026-06-08 07:47:13.577791	Denial of service vulnerability in M-Files Server Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash Published: 2026-05-18T11:05:29.691Z Updated: 2026-05-18T12:40:39.485Z Open on db.gcve.eu Reference links https://empower.m-files.com/security-advisories/CVE-2026-0983	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-0932`	vulnerable	2026-06-08 07:47:13.512877	Details available Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs. Published: 2026-04-01T10:03:27.785Z Updated: 2026-04-01T12:38:30.875Z Open on db.gcve.eu Reference links https://empower.m-files.com/security-advisories/CVE-2026-0932 https://product.m-files.com/security-advisories/cve-2026-0932/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-0663`	vulnerable	2026-06-08 07:47:12.868142	Denial of Service condition in M-Files Server Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint. Published: 2026-01-21T10:29:57.786Z Updated: 2026-02-23T10:39:26.170Z Open on db.gcve.eu Reference links https://product.m-files.com/security-advisories/cve-2026-0663/ https://empower.m-files.com/security-advisories/CVE-2026-0663	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-5964`	vulnerable	2026-06-08 07:37:26.148581	Path traversal in M-Files API A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server. Published: 2025-06-15T19:42:24.617Z Updated: 2026-02-23T10:29:03.940Z Open on db.gcve.eu Reference links https://product.m-files.com/security-advisories/cve-2025-5964 https://empower.m-files.com/security-advisories/CVE-2025-5964	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-3086`	vulnerable	2026-06-08 07:23:08.085980	User in anonymous role could create and delete views Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service Published: 2025-04-04T06:37:42.901Z Updated: 2026-02-23T10:26:58.607Z Open on db.gcve.eu Reference links https://product.m-files.com/security-advisories/cve-2025-3086/ https://empower.m-files.com/security-advisories/CVE-2025-3086	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-14318`	vulnerable	2026-06-08 07:06:34.269211	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-14267`	vulnerable	2026-06-08 07:06:34.170284	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13008`	vulnerable	2026-06-08 07:04:31.432875	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-11681`	vulnerable	2026-06-08 07:04:28.766362	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0648`	vulnerable	2026-06-08 07:02:25.065044	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0635`	vulnerable	2026-06-08 07:02:24.996805	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0619`	vulnerable	2026-06-08 07:02:24.956489	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6789`	vulnerable	2026-06-08 06:58:20.467149	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-4056`	vulnerable	2026-06-08 06:50:16.932896	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10127`	vulnerable	2026-06-08 06:22:03.629218	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-0563`	vulnerable	2026-06-08 06:22:01.369293	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-6912`	vulnerable	2026-06-08 06:21:56.289292	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-6910`	vulnerable	2026-06-08 06:21:56.256403	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-41810`	vulnerable	2026-06-08 05:35:21.070372	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.