Denial-of-Service Vulnerability in M-Files Server by M-Files Corporation
CVE-2026-0983

7.1HIGH

Key Information:

Vendor: M-files Corporation
Status: M-files Server
Vendor: CVE Published:; 18 May 2026

🔔 Create M-files Corporation Vulnerability Alert

What is CVE-2026-0983?

A denial-of-service vulnerability exists in M-Files Server that allows an authenticated user to trigger a crash in the MFserver process. This affects multiple versions of the software, including those prior to 26.5.16015.0, 26.2 LTS, and 25.8 LTS SR3, potentially leading to service interruptions for legitimate users. It is crucial for organizations using M-Files Server to apply the necessary updates to safeguard against this issue.

Affected Version(s)

M-Files Server 0 < 26.5.16015.0

M-Files Server LTS 25.8.15085.13

M-Files Server LTS 26.2.15718.8

References

https://empower.m-files.com/security-advisories/CVE-2026-...

vendor-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2026
Vulnerability Reserved
Jan 15, 2026

CVE-2026-0983 Data

JSON