M Files · M-Files Server · CVE-2024-10126
**Name of the Vulnerable Software and Affected Versions**
M-Files Server versions prior to 24.11
**Description**
A Local File Inclusion issue allows an authenticated user to read server local files of a limited set of filetypes via document preview.
**Recommendations**
For versions prior to 24.11, update to version 24.11 or later to resolve the issue.
As a temporary workaround, consider restricting access to the document preview feature until a patch is available.