CVE-2026-0932

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Apr 01, 2026

Vendor unknown

Description

Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.

References

https://empower.m-files.com/security-advisories/CVE-2026-0932
https://product.m-files.com/security-advisories/cve-2026-0932/