Known Vulnerabilities for products from M-files
Listed below are 20 of the newest known vulnerabilities associated with the vendor "M-files".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-49238 json | Not Provided | 2026-05-28 | 2026-05-28 | |
| CVE-2026-49128 json | Not Provided | 2026-05-28 | 2026-05-29 | |
| CVE-2026-48922 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-48921 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-48920 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-48906 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-48864 json | Not Provided | 2026-05-26 | 2026-05-28 | |
| CVE-2026-48831 json | Not Provided | 2026-05-24 | 2026-05-26 | |
| CVE-2026-48693 json | Not Provided | 2026-05-26 | 2026-05-26 | |
| CVE-2026-48522 json | Not Provided | 2026-05-28 | 2026-05-28 | |
| CVE-2026-0932 json | Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Fi... | Not Provided | 2026-04-01 | 2026-04-02 |
| CVE-2023-6239 json | 8.8 - HIGH | 2023-11-28 | 2023-12-04 | |
| CVE-2023-5524 json | Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 ... | 7.3 - HIGH | 2023-10-20 | 2023-10-30 |
| CVE-2023-5523 json | Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions b... | 7.8 - HIGH | 2023-10-20 | 2023-10-28 |
| CVE-2023-3425 json | Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 a... | 5.3 - MEDIUM | 2023-08-25 | 2023-08-31 |
| CVE-2023-3406 json | Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 ... | 6.5 - MEDIUM | 2023-08-25 | 2023-08-31 |
| CVE-2023-3405 json | Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous u... | 7.5 - HIGH | 2023-06-27 | 2023-07-06 |
| CVE-2023-2480 json | Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of pr... | 7.8 - HIGH | 2023-05-25 | 2023-06-27 |
| CVE-2023-2325 json | Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 a... | 5.4 - MEDIUM | 2023-10-20 | 2023-10-26 |
| CVE-2023-2112 json | Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. | 7.8 - HIGH | 2023-04-20 | 2023-05-02 |