CVE-2023-3406 HIGH

CVE-2023-3406: Path traversal issue in M-Files Classic Web

Vendor M-Files
Product M-Files Web
Weakness CWE-22 · Path traversal
Published August 25, 2023
Last update February 23, 2026

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server

Key dates

02Disclosure timeline

August 25, 2023 CVE published
February 23, 2026 Record updated