Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

M-Files Corporation — Vulnerabilities & Security Advisories 29

Browse all 29 CVE security advisories affecting M-Files Corporation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

M-Files Corporation provides intelligent information management software that organizes data based on context rather than physical location, serving enterprises seeking unified document control. The platform’s architecture, which integrates with various enterprise systems, has historically exposed it to a range of security flaws, currently totaling 29 recorded Common Vulnerabilities and Exposures. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation or improper access controls within its web interface and API endpoints. While no catastrophic data breaches have been widely publicized, the accumulation of these CVEs highlights persistent challenges in securing complex enterprise integrations. M-Files Corporation has responded to these findings through regular patch cycles, yet the high volume of disclosed issues suggests ongoing risks for organizations relying on its unpatched or misconfigured deployments.

Top products by M-Files Corporation: M-Files Server Hubshare M-Files Web M-Files Hubshare M-Files Connector for Copilot M-Files Aino M-Files Admin M-Files Mobile
CVE IDTitleCVSSSeverityPublished
CVE-2026-0932 M-Files Server 安全漏洞 — M-Files ServerCWE-918 8.2AIHighAI2026-04-01
CVE-2026-0663 Denial of Service condition in M-Files Server — M-Files ServerCWE-1286 4.9AIMediumAI2026-01-21
CVE-2025-13008 Session Token Disclosure in M-Files Web — M-Files ServerCWE-359 6.5AIMediumAI2025-12-19
CVE-2025-14267 Unintended temporary cached data included in a structure only copy intended to be empty of data — M-Files ServerCWE-212 6.5AIMediumAI2025-12-19
CVE-2025-14318 Improper access validation in M-Files Server — M-Files ServerCWE-863 6.5AIMediumAI2025-12-18
CVE-2025-11681 Denial of Service condition in M-Files Server — M-Files ServerCWE-400 6.5AIMediumAI2025-11-17
CVE-2025-9826 M-Files Hubshare 安全漏洞 — HubshareCWE-79 5.4AIMediumAI2025-09-15
CVE-2025-2091 Open redirection in M-Files Mobile — M-Files MobileCWE-601 5.0AIMediumAI2025-06-16
CVE-2025-5964 Path traversal in M-Files API — M-Files ServerCWE-22 6.5AIMediumAI2025-06-15
CVE-2025-3087 Stored XSS Vulnerability in M-Files Web — M-Files WebCWE-79 5.4AIMediumAI2025-04-04
CVE-2025-3086 User in anonymous role could create and delete views — M-Files ServerCWE-653 7.1AIHighAI2025-04-04
CVE-2025-2159 Stored XSS in M-Files Admin user interface — M-Files AdminCWE-79 4.6AIMediumAI2025-04-04
CVE-2025-0635 Denial of Service condition in M-Files Server — M-Files ServerCWE-770 7.5 -2025-01-23
CVE-2025-0619 Unsafe stored password recovery — M-Files ServerCWE-522 4.9 -2025-01-23
CVE-2025-0648 M-Files Server crash via EOT database driver configuration — M-Files ServerCWE-248 4.9 -2025-01-23
CVE-2024-10127 Support for authentication bypass condition in M-Files LDAP authentication — M-Files ServerCWE-303 8.1AIHighAI2024-11-20
CVE-2024-11176 Incorrect evaluation of effective permissions in M-Files Aino — M-Files AinoCWE-863 6.5AIMediumAI2024-11-20
CVE-2024-9333 Permission bypass in M-Files Connector for Copilot — M-Files Connector for CopilotCWE-281 4.3 -2024-10-02
CVE-2024-9174 Stored HTML Injection in Hubshare social module — M-Files HubshareCWE-79 4.1 -2024-10-02
CVE-2024-6789 Path traversal in M-Files API — M-Files ServerCWE-22 6.5AIMediumAI2024-08-27
CVE-2024-6124 Reflected XSS in Hubshare via Open Redirect — HubshareCWE-79 6.1AIMediumAI2024-07-29
CVE-2024-6881 Stored XSS Vulnerability — HubshareCWE-79 5.4AIMediumAI2024-07-29
CVE-2024-5142 XSS in Hubshare's social module — HubshareCWE-79 5.4 -2024-05-24
CVE-2024-4056 Denial of service condition in M-Files Server — M-Files ServerCWE-1333 7.5 High2024-04-26
CVE-2023-4479 Stored XSS Vulnerability in M-Files Web — M-Files WebCWE-79 7.3 High2024-03-04
CVE-2024-0563 Denial of service condition in M-Files Server — M-Files ServerCWE-770 4.3 Medium2024-02-23
CVE-2023-6910 Uncontrolled Resource Consumption in M-Files Server — M-Files ServerCWE-770 6.5 Medium2023-12-20
CVE-2023-6912 Brute force vulnerability in M-Files user authentication — M-Files ServerCWE-307 7.5 High2023-12-20
CVE-2021-41810 Script injection in M-Files Admin — M-Files ServerCWE-79 5.2 Medium2022-05-02

This page lists every published CVE security advisory associated with M-Files Corporation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.