CVE-2026-0663

4.9 MEDIUM

📋 TL;DR

This vulnerability allows authenticated attackers with vault administrator privileges to crash M-Files Server by calling a vulnerable API endpoint, causing denial of service. It affects M-Files Server versions before 26.1.15632.3.

💻 Affected Systems

Products:
  • M-Files Server
Versions: All versions before 26.1.15632.3
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires vault administrator privileges; standard users cannot exploit this vulnerability.

📦 What is this software?

M-Files Server is the server component of the M-Files document management platform. It hosts the document vaults that M-Files clients and API integrations connect to, and vault administrators manage those vaults through it.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of M-Files Server, affecting all users and business processes dependent on the document management system.

🟠

Likely Case

Temporary service outage requiring server restart, disrupting document access and workflow processes.

🟢

If Mitigated

If vault administrator accounts are limited to a few trusted people and their API activity is monitored, the residual risk is a crash triggered by a trusted or compromised administrator, noticed quickly and recovered by restarting the service. Note that a crash of M-Files Server takes down every vault hosted on that server, not only the vault the administrator manages.

🌐 Internet-Facing: MEDIUM - While authentication is required, internet-facing servers could be targeted by compromised administrator accounts.
🏢 Internal Only: HIGH - Internal attackers with vault administrator privileges can easily exploit this to disrupt business operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with vault administrator privileges and knowledge of the vulnerable API endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 26.1.15632.3 or later

Vendor Advisory: https://product.m-files.com/security-advisories/cve-2026-0663/

Restart Required: Yes

Instructions:

1. Download M-Files Server version 26.1.15632.3 or later from official M-Files sources.
2. Run the installer on the M-Files Server machine.
3. Follow the upgrade wizard.
4. Restart the M-Files Server service after installation completes.

🔧 Temporary Workarounds

Restrict Vault Administrator Access

Applies to: all affected versions

Limit vault administrator privileges to essential personnel only, and treat each vault administrator account as a high-value credential (strong authentication, no shared accounts), since an attacker needs one to trigger the crash.

API Endpoint Monitoring

Applies to: all affected versions

Monitor and alert on suspicious API activity from vault administrator accounts. The vulnerable endpoint is not named in this summary, so until it is known from the vendor advisory, alert on unusual call volume per administrator account and on M-Files Server crashes rather than on a specific endpoint.

🧯 If You Can't Patch

  • Implement strict access controls so that only trusted personnel hold vault administrator accounts.
  • Monitor server logs for repeated API calls from the same vault administrator account, rate-limit API access per account, and alert on M-Files Server crashes.

🔍 How to Verify

Check if Vulnerable:

Check M-Files Server version in M-Files Admin application under Help > About.

Check Version:

No command-line check is given for this product; open Help > About in M-Files Admin or look up M-Files Server in Windows Programs and Features, and compare the installed version with 26.1.15632.3.

Verify Fix Applied:

Verify version is 26.1.15632.3 or later and test API functionality remains operational.
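Comparing the installed version string against the fixed version, as an added example that is not from the page or from M-Files: it assumes only that M-Files Server versions are dot-separated numeric components such as 26.1.15632.3, which the version numbers on this page show. The point is that the comparison must be numeric per component; a plain string comparison puts 26.1.9999.0 above 26.1.15632.3 and would report a vulnerable build as fixed.

```python
# Added example: numeric version comparison for the M-Files Server fix check.
# Assumes only that versions are dot-separated integers (e.g. "26.1.15632.3").
FIXED_VERSION = "26.1.15632.3"  # first fixed build, from the advisory summary


def parse_version(version):
    """Turn '26.1.15632.3' into (26, 1, 15632, 3).

    Components are compared as integers, not strings, and missing trailing
    components count as 0 so that '26.1' sorts below '26.1.0.1'.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed build predates the fixed build."""
    return parse_version(installed) < parse_version(fixed)


def lexical_compare_is_wrong(installed, fixed=FIXED_VERSION):
    """Show the pitfall: True when a plain string comparison of the two
    version strings disagrees with the numeric comparison."""
    return (installed < fixed) != is_vulnerable(installed, fixed)


if __name__ == "__main__":
    for v in ("26.1.15632.3", "26.1.15632.2", "26.1.9999.0", "25.12.15000.0", "26.2.100.0"):
        verdict = "vulnerable" if is_vulnerable(v) else "fixed"
        note = " (a string comparison would get this wrong)" if lexical_compare_is_wrong(v) else ""
        print(f"{v}: {verdict}{note}")
```

Feed it the version string shown in Programs and Features; anything that raises ValueError (a build tag or non-numeric suffix) should be checked by hand rather than assumed fixed.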

📡 Detection & Monitoring

Log Indicators:

  • Multiple rapid API calls from same administrator account
  • M-Files Server process crashes in Windows Event Logs

Network Indicators:

  • Unusual API call patterns to specific endpoints from administrator accounts

SIEM Query:

source="M-Files Server" AND (event_type="Process Crash" OR api_endpoint="vulnerable_endpoint")

The field names and the vulnerable_endpoint value are placeholders: substitute your SIEM's field names and the endpoint identified in the vendor advisory. Until the endpoint is known, a count of API calls per vault administrator account within a short window, joined to a subsequent M-Files Server crash event, is the more robust query.
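The two log indicators combined into one detection, as an added example that is not from the page or from M-Files: the log format below is constructed for illustration (M-Files Server and Windows event logs look different, so the parser must be adapted), and the endpoint value, the thresholds and the 60-second crash look-back are assumptions. It flags vault administrator accounts whose API call rate exceeds a threshold inside a sliding window, then reports those whose burst immediately preceded a server crash event, which is the pattern the indicators above describe.

```python
# Added example: burst-then-crash correlation over constructed log lines.
# The line format, endpoint value, thresholds and look-back are assumptions;
# real M-Files Server / Windows event log formats differ and need their own parser.
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log (not real M-Files output): "<timestamp> <kind> key=value ...".
SAMPLE_LOG = """\
2026-02-03T09:00:00Z api user=alice role=vault_admin endpoint=/api/example status=200
2026-02-03T09:00:01Z api user=alice role=vault_admin endpoint=/api/example status=200
2026-02-03T09:00:01Z api user=bob role=user endpoint=/api/example status=403
2026-02-03T09:00:02Z api user=alice role=vault_admin endpoint=/api/example status=200
2026-02-03T09:00:02Z api user=alice role=vault_admin endpoint=/api/example status=200
2026-02-03T09:00:03Z api user=alice role=vault_admin endpoint=/api/example status=200
2026-02-03T09:00:05Z api user=alice role=vault_admin endpoint=/api/example status=500
2026-02-03T09:00:09Z crash service="M-Files Server" event_id=1000
2026-02-03T09:30:00Z api user=carol role=vault_admin endpoint=/api/example status=200
2026-02-03T09:45:00Z api user=carol role=vault_admin endpoint=/api/example status=200
"""

LINE_RE = re.compile(r"^(\S+)\s+(api|crash)\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(log_text):
    """Parse the constructed format into dicts with a tz-aware 'ts' and a 'kind'."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the expected shape
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
        events.append({"ts": ts, "kind": m.group(2), **fields})
    return events


def admin_api_bursts(events, threshold=5, window=timedelta(seconds=10)):
    """Map each vault administrator account to the time its API calls first
    reached `threshold` calls inside a sliding `window`. Non-admin accounts are
    ignored because only vault administrators can trigger the crash."""
    calls = defaultdict(list)
    for e in events:
        if e["kind"] == "api" and e.get("role") == "vault_admin":
            calls[e["user"]].append(e["ts"])
    bursts = {}
    for user, times in calls.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge forward
                start += 1
            if end - start + 1 >= threshold:
                bursts[user] = t
                break
    return bursts


def bursts_before_crash(events, lookback=timedelta(seconds=60), **burst_kw):
    """Accounts whose burst ended at most `lookback` before a crash event."""
    crashes = [e["ts"] for e in events if e["kind"] == "crash"]
    hits = set()
    for user, burst_end in admin_api_bursts(events, **burst_kw).items():
        if any(timedelta(0) <= c - burst_end <= lookback for c in crashes):
            hits.add(user)
    return hits


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    print("admin bursts:", {u: t.isoformat() for u, t in admin_api_bursts(evts).items()})
    print("bursts preceding a crash:", bursts_before_crash(evts))
```

In the sample, alice reaches five calls within ten seconds at 09:00:03 and the server crashes six seconds later, so she is reported; carol's two calls fifteen minutes apart and bob's single non-admin call are not. Tune the threshold and window to the normal API rate of your integrations, since legitimate automation running under an administrator account will otherwise trip the burst check (though not the crash correlation).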

🔗 References

  • Vendor advisory: https://product.m-files.com/security-advisories/cve-2026-0663/
