CVE-2024-10126

🗓️ 20 Nov 2024 08:37:41Reported by M-Files CorporationType

Local File Inclusion vulnerability in M-Files Server allows authenticated user to read server local files via document previe

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2024-10126	20 Nov 202409:15	–	attackerkb
BDU FSTEC	The vulnerability of the M-Files Server platform, which is related to the use of files and directories accessible to external parties, allows a perpetrator to gain unauthorized access to protected information.	3 Mar 202500:00	–	bdu_fstec
Circl	CVE-2024-10126	20 Nov 202411:13	–	circl
CNNVD	M-Files Server 安全漏洞	20 Nov 202400:00	–	cnnvd
Cvelist	CVE-2024-10126 Local file inclusion vulnerability in M-Files Server	20 Nov 202408:37	–	cvelist
EUVD	EUVD-2024-33394	3 Oct 202520:07	–	euvd
NVD	CVE-2024-10126	20 Nov 202409:15	–	nvd
OSV	CVE-2024-10126	20 Nov 202409:15	–	osv
Positive Technologies	PT-2024-16048 · M Files · M-Files Server	18 Oct 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-10126	23 May 202506:40	–	redhatcve

NVD

Node

m-files m-files_serverRange<23.8.12892.6-

m-files m-files_serverRange<23.8.12892.23lts

m-files m-files_serverRange24.2.13421.11–24.2.13421.17-

m-files m-files_serverRange24.8.13981.8–24.8.13981.11-

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "M-Files Server",
    "vendor": "M-Files Corporation\"",
    "versions": [
      {
        "lessThan": "24.11",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "23.8 SR7",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "24.2 SR3",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "24.8 SR1",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
product	www.product.m-files.com/security-advisories/CVE-2024-10126
empower	www.empower.m-files.com/security-advisories/CVE-2024-10126

17 Jun 2026 06:54Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.14.3

CVSS 45.3

EPSS0.00374

SSVC

CWE-552