CVE-2026-0983 | THREATINT

Description

Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash

PUBLISHED Reserved 2026-01-15 | Published 2026-05-18 | Updated 2026-05-18 | Assigner M-Files Corporation

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-1286 Improper validation of syntactic correctness of input

Product status

Default status

unaffected

Any version before 26.5.16015.0

affected

LTS 25.8.15085.13 (custom) before LTS 25.8.15085.24

affected

LTS 26.2.15718.8 (custom) before LTS 26.2.15718.10

affected

References

empower.m-files.com/security-advisories/CVE-2026-0983 vendor-advisory

cve.org (CVE-2026-0983)

nvd.nist.gov (CVE-2026-0983)

Download JSON