Description
Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint.
Affected products
M-Files Server before 26.1.15632.3
More information
Exploiting the vulnerability requires an authenticated user with vault administrator permissions. CVSS 4.0 CVSS-B Score: 6.9 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CWE: CWE-1286 Improper Validation of Syntactic Correctness of Input CAPEC: CAPEC-153 Input Data Manipulation Internal ID: CLOSS-907 Date issued: 2026-01-21 Alternate IDs: EUVD-2026-3685
Exploitability
Publicly disclosed: No Exploited: No Probability of exploitation: Low - internally found
Links
History
2026-01-21 Published
