CVE-2022-4270 LOW

CVE-2022-4270: Incorrect privilege assignment in M-Files Web Server

Vendor M-Files
Product M-Files Web
Weakness CWE-269
Published December 2, 2022
Last update February 23, 2026

CVSS base score

2.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.

Key dates

02Disclosure timeline

December 2, 2022 CVE published
February 23, 2026 Record updated