CVE-2026-0983
published 2026-05-18CVE-2026-0983: Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the…
PriorityP434high7.1CVSS 4.0
AVNACLATNPRLUINVCNVINVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.23%
13.2th percentile
Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| m-files_corporation | m-files_server | < 26.5.16015.0 | 26.5.16015.0 |
| m-files_corporation | m-files_server | >= LTS 25.8.15085.13 < LTS 25.8.15085.24 | LTS 25.8.15085.24 |
| m-files_corporation | m-files_server | >= LTS 26.2.15718.8 < LTS 26.2.15718.10 | LTS 26.2.15718.10 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
M-Files Server up to 25.8/26.2/26.5.16015.0 improper validation of syntactic correctness of input (EUVD-2026-30767)
vuldb·2026-05-18·CVSS 7.1
CVE-2026-0983 [HIGH] M-Files Server up to 25.8/26.2/26.5.16015.0 improper validation of syntactic correctness of input (EUVD-2026-30767)
A vulnerability labeled as problematic has been found in M-Files Server up to 25.8/26.2/26.5.16015.0. This impacts an unknown function. Such manipulation leads to improper validation of syntactic correctness of input.
This vulnerability is uniquely identified as CVE-2026-0983. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.
GHSA
GHSA-x6cg-7p5m-7wcc: Denial-of-service condition in M-Files Server versions before 26
ghsa_unreviewed·2026-05-18
CVE-2026-0983 [HIGH] CWE-1286 GHSA-x6cg-7p5m-7wcc: Denial-of-service condition in M-Files Server versions before 26
Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-18
Published