Which versions of M-Files Server are affected by CVE-2026-0983?

M-Files Server contains a vulnerability that could crash the document management service, preventing all users from accessing critical documents and disrupting document-dependent business processes.. A patch is available.

M-Files Server CVE-2026-0983

Q: What is the CVSS score of CVE-2026-0983?

CVE-2026-0983 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-30767 HIGH

Improper Validation of Syntactic Correctness of Input (CWE-1286)

2026-05-18 M-Files Corporation

GHSA-x6cg-7p5m-7wcc

Denial Of Service

7.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 18, 2026 - 13:01 EUVD

Analysis Generated

May 18, 2026 - 12:30 vuln.today

CVSS changed

May 18, 2026 - 12:22 NVD

7.1 (HIGH)

DescriptionNVD

Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash

AnalysisAI

Denial of service in M-Files Server versions prior to 26.5.16015.0, 26.2 LTS, and 25.8 LTS SR3 allows an authenticated remote attacker to crash the MFserver process, disrupting document management services for all connected users. The flaw is reachable over the network with low privileges and no user interaction, but has no impact on confidentiality or integrity. …

RemediationAI

Within 24 hours: Inventory all M-Files Server deployments and record current versions; no public exploit has been identified, but assess the number of affected users and criticality of stored documents. Within 7 days: Restrict M-Files Server access to essential business users and administrators only; implement monitoring and alerting for unexpected MFserver process failures. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-0983 vulnerability details – vuln.today

Back

M-Files Server CVE-2026-0983

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

M-Files Server CVE-2026-0983

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code