CVE-2026-0932

Medium CVSS: 6.9

Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.

Vendor

M-files

Product

M-files Server

CWE

CWE-918

Yayın Tarihi

2026-04-01 11:15:58

Güncelleme

2026-04-02 18:18:54

Source Identifier

security@m-files.com

KEV Date Added

Kategoriler

CWE-918 M-files Server MEDIUM M-files 2026

Referanslar

https://empower.m-files.com/security-advisories/CVE-2026-0932 https://product.m-files.com/security-advisories/cve-2026-0932/

Benzer Kayıtlar

Medium

CVE-2026-0663

Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vau…

Medium

CVE-2025-14267

Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows d…

Medium

CVE-2025-14318

Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using W…

High

CVE-2025-11681

Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2…

High

CVE-2025-9826

Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to caus…

Medium

CVE-2025-2091

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows atta…