M-Files Server Information Disclosure Vulnerability Advisory
Summary
CERT-Bund issued a security advisory (WID-SEC-2026-0956) regarding an information disclosure vulnerability in M-Files Server. The vulnerability affects versions prior to 26.3.15818.5 on Windows platforms and carries a CVSS Base Score of 6.5 (medium severity). Remote anonymous attackers can exploit this flaw to disclose sensitive information.
What changed
CERT-Bund published a security advisory identifying an information disclosure vulnerability in M-Files Server, an enterprise information management platform. The flaw (affecting versions below 26.3.15818.5) allows remote anonymous attackers to exploit the system and expose information. The CVSS Base Score is 6.5 (medium) with a Temporal Score of 5.7. Mitigation measures are available.
Organizations running affected M-Files Server installations on Windows should immediately apply the available patch (version 26.3.15818.5 or later) to remediate the vulnerability. If immediate patching is not feasible, appropriate mitigation measures should be implemented. IT security teams should monitor for signs of exploitation and review access controls.
What to do next
- Update M-Files Server to version 26.3.15818.5 or later
- If immediate update is not possible, implement available mitigation measures
- Monitor systems for signs of unauthorized information access
Source document (simplified)
[WID-SEC-2026-0956] M-Files M-Files Server: Schwachstelle ermöglicht Offenlegung von Informationen CVSS Base Score 6.5 (mittel) CVSS Temporal Score 5.7 (mittel) Remoteangriff ja Datum 01.04.2026 Stand 02.04.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Windows
Produktbeschreibung
M-Files ist eine Plattform zur Verwaltung von Unternehmensinformationen.
Produkte
01.04.2026
- M-Files M-Files Server <26.3.15818.5
Angriff
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in M-Files M-Files Server ausnutzen, um Informationen offenzulegen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Source
Classification
Who this affects
Taxonomy
Browse Categories
Get Data Privacy & Cybersecurity alerts
Weekly digest. AI-summarized, no noise.
Free. Unsubscribe anytime.
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.