CVE-2026-0983 HIGH

CVE-2026-0983: Denial of service vulnerability in M-Files Server

Vendor M-Files Corporation
Product M-Files Server
Weakness CWE-1286
Published May 18, 2026
Last update May 18, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash

Key dates

02Disclosure timeline

May 18, 2026 CVE published
May 18, 2026 Record updated