HIGHCVE-2026-0983Published 2026-05-18Modified 2026-05-18CNA M-Files Corporation

CVE-2026-0983: Denial of service vulnerability in M-Files Server

Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: 26.5.16015.0
Affected Products: 1

Fix available

26.5.16015.0LTS 25.8.15085.24LTS 26.2.15718.10

Affected packages

M-Files Corporation / M-Files Server
< 26.5.16015.0 (from 0) · < LTS 25.8.15085.24 (from LTS 25.8.15085.13) · < LTS 26.2.15718.10 (from LTS 26.2.15718.8)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

empower.m-files.com

Metrics

Fix available