Known Vulnerabilities for products from M-files
Listed below are 20 of the newest known vulnerabilities associated with the vendor "M-files".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41908 json | Not Provided | 2026-04-23 | 2026-04-23 | |
| CVE-2026-41389 json | Not Provided | 2026-04-20 | 2026-04-20 | |
| CVE-2026-41355 json | Not Provided | 2026-04-23 | 2026-04-23 | |
| CVE-2026-41338 json | Not Provided | 2026-04-23 | 2026-04-23 | |
| CVE-2026-41336 json | Not Provided | 2026-04-23 | 2026-04-23 | |
| CVE-2026-41332 json | Not Provided | 2026-04-23 | 2026-04-23 | |
| CVE-2026-41296 json | Not Provided | 2026-04-21 | 2026-04-20 | |
| CVE-2026-41269 json | Not Provided | 2026-04-23 | 2026-04-23 | |
| CVE-2026-41245 json | Not Provided | 2026-04-20 | 2026-04-20 | |
| CVE-2026-41230 json | Not Provided | 2026-04-23 | 2026-04-23 | |
| CVE-2026-0932 json | Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Fi... | Not Provided | 2026-04-01 | 2026-04-02 |
| CVE-2023-6239 json | 8.8 - HIGH | 2023-11-28 | 2023-12-04 | |
| CVE-2023-5524 json | Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 ... | 7.3 - HIGH | 2023-10-20 | 2023-10-30 |
| CVE-2023-5523 json | Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions b... | 7.8 - HIGH | 2023-10-20 | 2023-10-28 |
| CVE-2023-3425 json | Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 a... | 5.3 - MEDIUM | 2023-08-25 | 2023-08-31 |
| CVE-2023-3406 json | Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 ... | 6.5 - MEDIUM | 2023-08-25 | 2023-08-31 |
| CVE-2023-3405 json | Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous u... | 7.5 - HIGH | 2023-06-27 | 2023-07-06 |
| CVE-2023-2480 json | Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of pr... | 7.8 - HIGH | 2023-05-25 | 2023-06-27 |
| CVE-2023-2325 json | Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 a... | 5.4 - MEDIUM | 2023-10-20 | 2023-10-26 |
| CVE-2023-2112 json | Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. | 7.8 - HIGH | 2023-04-20 | 2023-05-02 |