M-Files Server is part of the M-Files Intelligent Information Management software that helps businesses find, share, and secure documents and other information. The server provides a platform for storing and managing all of your organization's documents. M-Files Server offers features for compliance, process automation, and quality management, making it useful for a variety of industries, including manufacturing, construction, pharmaceutical, and financial services.

M-Files Server

Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-13008	HIGH	8.6	M-Files Server	cpe:2.3:a:m-files:m-files_server	No	Yes	Dec 19, 2025
CVE-2026-0932	MEDIUM	6.9	M-Files Server	cpe:2.3:a:m-files:m-files_server	No	Yes	Apr 01, 2026
CVE-2026-0663	MEDIUM	6.9	M-Files Server	cpe:2.3:a:m-files:m-files_server	No	Yes	Jan 21, 2026
CVE-2025-14267	MEDIUM	5.6	M-Files Server	cpe:2.3:a:m-files:m-files_server	No	Yes	Dec 19, 2025
CVE-2025-14318	MEDIUM	5.3	M-Files Server	cpe:2.3:a:m-files:m-files_server	No	Yes	Dec 18, 2025

CVE-2026-0932:
M-Files Server vulnerability analysis and mitigation

6.9

Related M-Files Server vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-0932: M-Files Server vulnerability analysis and mitigation