Security Advisories

Detailed information on public vulnerabilities in M-Files products

CVE IDDATE ISSUEDTITLEPRODUCTS
CVE-2022-160605-19-2022Incorrect Privilege AssignmentM-Files Server versions before 22.3.11164.0 and before 22.3.11237.1
CVE-2021-4181004-27-2022Script injectionM-Files Server versions before 22.2.11051.0
CVE-2022-2680904-16-2022Remote Procedure Call Runtime Remote Code Execution Vulnerability and M-FilesM-Files Server/Desktop/Classic Web/VNEXT/Mobile
CVE-2022-2296504-01-2022Spring Framework RCE and M-FilesM-Files Server/Desktop/Classic Web/VNEXT/Mobile
CVE-2021-41809 01-17-2022 SSRF VulnerabilityM-Files Server versions before 22.1.11017.1
CVE-2021-4180801-17-2022 Information disclosureM-Files Server versions before 21.11.10775.0
CVE-2021-4180701-17-2022Lack of rate-limitingM-Files Server versions before 21.12.10873.0
M-Files Web versions before 21.12.10873.0
CVE-2021-4422812-14-2021Log4j and M-FilesM-Files Server/Desktop/Classic Web/VNEXT/Mobile
CVE-2021-3725312-03-2021Denial of ServiceM-Files Classic Web
CVE-2021-3725410-27-2021Information Disclosure VulnerabilityM-Files Web
Report vulnerabilities

M-Files takes software vulnerabilities seriously. If you have identified a potential security vulnerability, be in touch.

How to report vulnerabilities
Security Hall of Fame

M-Files celebrates those who help us identify and correct security vulnerabilities across all M-Files products.

Visit our Security Hall of Fame
+