M-Files Security Vulnerabilities (CVEs)

Track 31 security vulnerabilities affecting M-Files products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

1 Critical
12 High
16 Medium
2 Low
CVE-2026-0663 4.9

This vulnerability allows authenticated attackers with vault administrator privileges to crash M-Files Server by calling a vulnerable API endpoint, ca...

Jan 21, 2026
CVE-2025-14267 4.9

This vulnerability in M-Files Server allows sensitive information to be exposed due to incomplete data removal before transfer. It affects organizatio...

Dec 19, 2025
CVE-2025-14318 4.3

M-Files Server versions before 25.12.15491.7 have an improper access control vulnerability that allows authenticated users to download files through M...

Dec 18, 2025
CVE-2025-11681 6.5

An authenticated user can cause a denial-of-service by crashing the MFserver process in vulnerable M-Files Server versions. This affects organizations...

Nov 17, 2025
CVE-2025-9826 5.4

A stored cross-site scripting vulnerability in M-Files Hubshare allows authenticated attackers to inject malicious scripts that execute in other users...

Sep 15, 2025
CVE-2025-2091 5.4

An open redirection vulnerability in M-Files mobile applications allows attackers to craft malicious PDF files that trick users into visiting untruste...

Jun 16, 2025
CVE-2025-3087 5.4

CVE-2025-3087 is a stored cross-site scripting (XSS) vulnerability in M-Files Web versions 25.1.14445.5 through 25.2.14524.4. It allows authenticated ...

Apr 4, 2025
CVE-2025-0648 4.9

A configuration change vulnerability in M-Files Server's database driver allows highly privileged attackers to cause unexpected server crashes, leadin...

Jan 23, 2025
CVE-2025-0635 7.5

CVE-2025-0635 is a denial-of-service vulnerability in M-Files Server that allows unauthenticated attackers to consume computing resources, potentially...

Jan 23, 2025
CVE-2024-10127 9.8

This vulnerability allows attackers to bypass authentication in M-Files servers when configured with vulnerable OpenLDAP setups. It enables unauthoriz...

Nov 20, 2024
CVE-2024-10126 4.3

This CVE describes a Local File Inclusion vulnerability in M-Files Server that allows authenticated users to read server local files of limited filety...

Nov 20, 2024
CVE-2024-6881 5.4

This stored cross-site scripting (XSS) vulnerability in M-Files Hubshare allows authenticated attackers to inject malicious JavaScript that executes i...

Jul 29, 2024
CVE-2024-5142 5.4

A stored cross-site scripting (XSS) vulnerability in the Social Module of M-Files Hubshare allows authenticated attackers to inject malicious scripts ...

May 24, 2024
CVE-2024-4056 7.5

CVE-2024-4056 is a denial-of-service vulnerability in M-Files Server that allows unauthenticated attackers to consume computing resources, potentially...

Apr 26, 2024
CVE-2023-6912 7.5

M-Files Server versions before 23.12.13205.0 lack brute force protection, allowing attackers unlimited authentication attempts to guess user passwords...

Dec 20, 2023
CVE-2023-5524 8.2

This vulnerability allows remote attackers to execute arbitrary code on M-Files Web Companion servers by uploading specially crafted files. It affects...

Oct 20, 2023
CVE-2023-2325 7.3

This is a stored cross-site scripting (XSS) vulnerability in M-Files Classic Web that allows attackers to inject malicious scripts into HTML documents...

Oct 20, 2023
CVE-2023-3406 7.7

This path traversal vulnerability in M-Files Classic Web allows authenticated users to access restricted files on the web server by manipulating file ...

Aug 25, 2023
CVE-2023-2480 7.5

This vulnerability in M-Files Client allows UI extension applications to bypass access permission checks, enabling privilege escalation. Attackers cou...

May 25, 2023
CVE-2023-2112 3.6

This vulnerability in M-Files Desktop component service allows an authenticated user in one session to move laterally to another user's session, poten...

Apr 20, 2023
CVE-2023-0383 7.5

This vulnerability in M-Files Server allows attackers to cause denial of service through uncontrolled memory consumption. By sending specially crafted...

Apr 20, 2023
CVE-2023-0213 8.8

This vulnerability allows local attackers to escalate privileges to SYSTEM level on Windows systems by exploiting DLL hijacking in M-Files Installer. ...

Mar 29, 2023
CVE-2022-4862 5.0

This vulnerability allows authenticated users to inject HTML content that gets rendered in other users' browsers in M-Files Web, potentially enabling ...

Mar 6, 2023
CVE-2022-4858 4.4

M-Files Server versions before 22.10.11846.0 can log sensitive authentication tokens to log files when specific configurations are enabled. This vulne...

Dec 30, 2022
CVE-2022-4264 6.5

CVE-2022-4264 is an incorrect privilege assignment vulnerability in M-Files Web (Classic) that allows low-privilege users to modify certain system con...

Dec 9, 2022
CVE-2022-1911 5.3

CVE-2022-1911 is an information disclosure vulnerability in M-Files Server where an error in the parser function allows unauthenticated attackers to a...

Nov 30, 2022
CVE-2021-41810 5.2

This vulnerability allows stored script injection in M-Files Admin versions before 22.2.11051.0. An authenticated vault administrator can store malici...

May 2, 2022
CVE-2021-41809 3.5

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in M-Files Server products. It allows attackers to make unauthorized queries fro...

Jan 18, 2022
CVE-2021-41807 7.5

This vulnerability allows attackers to perform unlimited login attempts against certain M-Files user accounts, enabling brute-force attacks to guess p...

Jan 18, 2022
CVE-2021-37253 7.5

This vulnerability allows denial of service attacks against M-Files Web servers by sending HTTP requests with overlapping Range or Request-Range heade...

Dec 5, 2021
CVE-2021-37254 7.5

This vulnerability in M-Files Web allows remote attackers to access license key information for third-party components without authentication. It affe...

Oct 28, 2021

Why Monitor M-Files Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 31+ known vulnerabilities affecting M-Files products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable M-Files packages in under 60 seconds. No agents are required: scanning is completely agentless and works across M-Files deployments.

Free vulnerability database: Access detailed information about every M-Files CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account & add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new M-Files CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions