wid-sec-w-2026-0956 · Published 2026-04-01 · View on BSI CERT-Bund ↗

M-Files M-Files Server: Vulnerability allows Offenlegung from Informationen

CVSS 6.9 MEDIUM

Risk Summary

Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.

CVEs (1)

CVE-2026-0932

Affected Vendors

M-Files

Affected Products (2)

M-Files · M-Files Server <26.3.15818.5

M-Files · M-Files Server 26.3.15818.5

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more