CVE-2022-1606 LOW

CVE-2022-1606: Incorrect privilege assignment in M-Files Server

Vendor M-Files
Product M-Files Server
Weakness CWE-269
Published November 30, 2022
Last update February 23, 2026
View on NVD All CVEs

CVSS base score

2.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.

Key dates

02Disclosure timeline

November 30, 2022 CVE published
February 23, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-11561 Sssd: sssd default kerberos configuration allows privilege escalation on ad-joined linux systems CVE-2025-13176 Local privilege escalation in ESET Inspect Connector for Windows CVE-2024-3828 Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation CVE-2025-2237 WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register' CVE-2022-46172 authentik allows existing authenticated users to create arbitrary accounts