CVE-2026-0663: Denial of Service Condition in M-Files Server

DESCRIPTION

Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint.

AFFECTED PRODUCTS

M-Files Server before 26.1.15632.3

MORE INFORMATION

Exploiting the vulnerability requires an authenticated user with vault administrator permissions.

CVSS 4.0 CVSS-B Score: 6.9

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE: CWE-1286 Improper Validation of Syntactic Correctness of Input

CAPEC: CAPEC-153 Input Data Manipulation

Internal ID: CLOSS-907

Date issued: 2026-01-21

Alternate IDs: –

EXPLOITABILITY

Publicly disclosed: No
Exploited: No
Probability of exploitation: Low – internally found

LINKS

https://www.cve.org/CVERecord?id=CVE-2026-0663

HISTORY

2026-01-21 Published

Review M-Files on Gartner® Peer Insights™ & get a $25 gift card!

Review now
X