CVE-2026-0932
HIGH 7.3Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.
Affected Applications in Environment
16
Files
v2.2602.4001.0
10 devices
Files
v2.2603.10000.0
18 devices
Files
v2.2602.17002.0
16 devices
Files
v2.2602.27000.0
23 devices
Files
v2.2603.18001.0
14 devices
Files
v2.2601.6000.0
2 devices
Files
v2.2602.13001.0
11 devices
Files
v2.2603.2000.0
19 devices
Files
v2.2601.16000.0
2 devices
Files
v2.2601.20001.0
6 devices
Files
v2.2510.22000.0
4 devices
Files
v1.0.0+01ddde98edbf514bd4458aba64d2237d9ffc8fc2
1 device
Files
v2.2512.31002.0
1 device
Files
v2.2510.16002.0
1 device
Files
v1.0.0+99de38681b0b3cfb1de108520e4212adb84fcd18
1 device
server
v1.0.0.0
1 device
Affected Devices
30
DPBUDG-8XD5SY3
Windows
DPCLOG-26M0RW3
Windows
DPCONT-DMNH9R3
Windows
DPCPD-DSVQMD4
Windows
DPCTWC-37390358
Windows
DPELED-D81938YB
Windows
DPENGL-7MLK5H4
Windows
DPENGR-L0243WQN
Windows
DPENGR-L1283ZDM
Windows
DPEXYP-14R6034
Windows
DPEXYP-FZP06G4
Windows
DPHSNG-34Y86X3
Windows
DPHSOB-7WXMZD3
Windows
DPHSOB-PF3T1LRV
Windows
DPLIBR-FJQ4284
Windows
DPMATH-7C4N794
Windows
DPMATH-O1262L3M
Windows
DPSFTY-J80GSB4
Windows
DPUVDL-L2273Y5Y
Windows
DPUWRL-L1283ZCB
Windows
DPVCLS-PW0FMB4M
Windows
DPVPMC-CH29FY3
Windows
DPZBLD-00019651
Windows
DPZCTE-1KHLZ84
Windows
EBB107-01
Windows
FTB-DL7350-17
Windows
MAE-STORAGE
Windows
SCCE415-575XSV3
Windows
USULOAN284
Windows
USULOAN435
Windows