CVE-2021-41810

5.2 MEDIUM
Published: May 02, 2022 Modified: February 23, 2026
View on NVD

Description

Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://empower.m-files.com/security-advisories/CVE-2021-41810
Source: security@m-files.com
https://product.m-files.com/security-advisories/cve-2021-41810/
Source: security@m-files.com
https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/
Source: security@m-files.com
Vendor Advisory
https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.2 / 10.0
EPSS (Exploit Probability)
0.4%
60th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79 CWE-79

Affected Vendors

m-files

Related CVEs

CVE-2026-4497 7.3
CVE-2026-4496 5.3
CVE-2026-33010 8.1
CVE-2026-32710 8.5
CVE-2026-32318 7.6