Vulnerability-Lookup

WID-SEC-W-2026-1517

Vulnerability from csaf_certbund - Published: 2026-05-12 22:00 - Updated: 2026-06-01 22:00

Summary

Nextcloud: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Nextcloud ist eine "on-premise" Plattform für Dateifreigabe und Zusammenarbeit.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Nextcloud ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen, und um einen SQL-Injection Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2026-45543

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Nextcloud Nextcloud Forms <5.2.7 Nextcloud / Nextcloud		Forms <5.2.7

CVE-2026-45544

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Nextcloud Nextcloud Tables <0.9.8 Nextcloud / Nextcloud		Tables <0.9.8
Nextcloud Nextcloud Tables <0.7.7 Nextcloud / Nextcloud		Tables <0.7.7
Nextcloud Nextcloud Tables <0.8.10 Nextcloud / Nextcloud		Tables <0.8.10
Nextcloud Nextcloud Tables <1.0.4 Nextcloud / Nextcloud		Tables <1.0.4
Nextcloud Nextcloud Tables <2.0.0 Nextcloud / Nextcloud		Tables <2.0.0

CVE-2026-45545

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Nextcloud Nextcloud Tables <0.9.8 Nextcloud / Nextcloud		Tables <0.9.8
Nextcloud Nextcloud Tables <0.7.7 Nextcloud / Nextcloud		Tables <0.7.7
Nextcloud Nextcloud Tables <0.8.10 Nextcloud / Nextcloud		Tables <0.8.10
Nextcloud Nextcloud Tables <1.0.4 Nextcloud / Nextcloud		Tables <1.0.4
Nextcloud Nextcloud Tables <2.0.0 Nextcloud / Nextcloud		Tables <2.0.0

CVE-2026-45691

Affected products

Known affected 7 products

Product	Identifier	Version	Remediation
Nextcloud Nextcloud Enterprise Server <32.0.9 Nextcloud / Nextcloud		Enterprise Server <32.0.9
Nextcloud Nextcloud Enterprise Server <33.0.3 Nextcloud / Nextcloud		Enterprise Server <33.0.3
Nextcloud Nextcloud Server <32.0.9 Nextcloud / Nextcloud		Server <32.0.9
Nextcloud Nextcloud Server <33.0.3 Nextcloud / Nextcloud		Server <33.0.3
Nextcloud Nextcloud Enterprise Server <29.0.16.16 Nextcloud / Nextcloud		Enterprise Server <29.0.16.16
Nextcloud Nextcloud Enterprise Server <30.0.17.9 Nextcloud / Nextcloud		Enterprise Server <30.0.17.9
Nextcloud Nextcloud Enterprise Server <31.0.14.5 Nextcloud / Nextcloud		Enterprise Server <31.0.14.5

References

6 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/nextcloud/security-advisories/…	external
https://github.com/nextcloud/security-advisories/…	external
https://github.com/nextcloud/security-advisories/…	external
https://github.com/nextcloud/security-advisories/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Nextcloud ist eine \"on-premise\" Plattform f\u00fcr Dateifreigabe und Zusammenarbeit.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Nextcloud ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen, und um einen SQL-Injection Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1517 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1517.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1517 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1517"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-mp6x-g55j-w9jw vom 2026-05-12",
        "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mp6x-g55j-w9jw"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-q4fw-6jf8-5vhh vom 2026-05-12",
        "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q4fw-6jf8-5vhh"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-vvxm-6jjp-m9mp vom 2026-05-12",
        "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vvxm-6jjp-m9mp"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-x43f-gmgh-vvjj vom 2026-05-12",
        "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x43f-gmgh-vvjj"
      }
    ],
    "source_lang": "en-US",
    "title": "Nextcloud: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-01T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-02T07:07:35.725+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1517",
      "initial_release_date": "2026-05-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-06-01T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-33718, EUVD-2026-33715, EUVD-2026-33714, EUVD-2026-33713"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Forms \u003c5.2.7",
                "product": {
                  "name": "Nextcloud Nextcloud Forms \u003c5.2.7",
                  "product_id": "T053993"
                }
              },
              {
                "category": "product_version",
                "name": "Forms 5.2.7",
                "product": {
                  "name": "Nextcloud Nextcloud Forms 5.2.7",
                  "product_id": "T053993-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:forms__5.2.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Tables \u003c1.0.4",
                "product": {
                  "name": "Nextcloud Nextcloud Tables \u003c1.0.4",
                  "product_id": "T053994"
                }
              },
              {
                "category": "product_version",
                "name": "Tables 1.0.4",
                "product": {
                  "name": "Nextcloud Nextcloud Tables 1.0.4",
                  "product_id": "T053994-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:tables__1.0.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Tables \u003c2.0.0",
                "product": {
                  "name": "Nextcloud Nextcloud Tables \u003c2.0.0",
                  "product_id": "T053995"
                }
              },
              {
                "category": "product_version",
                "name": "Tables 2.0.0",
                "product": {
                  "name": "Nextcloud Nextcloud Tables 2.0.0",
                  "product_id": "T053995-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:tables__2.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Tables \u003c0.7.7",
                "product": {
                  "name": "Nextcloud Nextcloud Tables \u003c0.7.7",
                  "product_id": "T053996"
                }
              },
              {
                "category": "product_version",
                "name": "Tables 0.7.7",
                "product": {
                  "name": "Nextcloud Nextcloud Tables 0.7.7",
                  "product_id": "T053996-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:tables__0.7.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Tables \u003c0.8.10",
                "product": {
                  "name": "Nextcloud Nextcloud Tables \u003c0.8.10",
                  "product_id": "T053997"
                }
              },
              {
                "category": "product_version",
                "name": "Tables 0.8.10",
                "product": {
                  "name": "Nextcloud Nextcloud Tables 0.8.10",
                  "product_id": "T053997-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:tables__0.8.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Tables \u003c0.9.8",
                "product": {
                  "name": "Nextcloud Nextcloud Tables \u003c0.9.8",
                  "product_id": "T053998"
                }
              },
              {
                "category": "product_version",
                "name": "Tables 0.9.8",
                "product": {
                  "name": "Nextcloud Nextcloud Tables 0.9.8",
                  "product_id": "T053998-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:tables__0.9.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Server \u003c33.0.3",
                "product": {
                  "name": "Nextcloud Nextcloud Server \u003c33.0.3",
                  "product_id": "T053999"
                }
              },
              {
                "category": "product_version",
                "name": "Server 33.0.3",
                "product": {
                  "name": "Nextcloud Nextcloud Server 33.0.3",
                  "product_id": "T053999-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:server__33.0.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Server \u003c32.0.9",
                "product": {
                  "name": "Nextcloud Nextcloud Server \u003c32.0.9",
                  "product_id": "T054000"
                }
              },
              {
                "category": "product_version",
                "name": "Server 32.0.9",
                "product": {
                  "name": "Nextcloud Nextcloud Server 32.0.9",
                  "product_id": "T054000-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:server__32.0.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise Server \u003c33.0.3",
                "product": {
                  "name": "Nextcloud Nextcloud Enterprise Server \u003c33.0.3",
                  "product_id": "T054001"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise Server 33.0.3",
                "product": {
                  "name": "Nextcloud Nextcloud Enterprise Server 33.0.3",
                  "product_id": "T054001-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:enterprise_server__33.0.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise Server \u003c32.0.9",
                "product": {
                  "name": "Nextcloud Nextcloud Enterprise Server \u003c32.0.9",
                  "product_id": "T054002"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise Server 32.0.9",
                "product": {
                  "name": "Nextcloud Nextcloud Enterprise Server 32.0.9",
                  "product_id": "T054002-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:enterprise_server__32.0.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise Server \u003c31.0.14.5",
                "product": {
                  "name": "Nextcloud Nextcloud Enterprise Server \u003c31.0.14.5",
                  "product_id": "T054003"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise Server 31.0.14.5",
                "product": {
                  "name": "Nextcloud Nextcloud Enterprise Server 31.0.14.5",
                  "product_id": "T054003-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:enterprise_server__31.0.14.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise Server \u003c30.0.17.9",
                "product": {
                  "name": "Nextcloud Nextcloud Enterprise Server \u003c30.0.17.9",
                  "product_id": "T054004"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise Server 30.0.17.9",
                "product": {
                  "name": "Nextcloud Nextcloud Enterprise Server 30.0.17.9",
                  "product_id": "T054004-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:enterprise_server__30.0.17.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise Server \u003c29.0.16.16",
                "product": {
                  "name": "Nextcloud Nextcloud Enterprise Server \u003c29.0.16.16",
                  "product_id": "T054005"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise Server 29.0.16.16",
                "product": {
                  "name": "Nextcloud Nextcloud Enterprise Server 29.0.16.16",
                  "product_id": "T054005-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:enterprise_server__29.0.16.16"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Nextcloud"
          }
        ],
        "category": "vendor",
        "name": "Nextcloud"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-45543",
      "product_status": {
        "known_affected": [
          "T053993"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-45543"
    },
    {
      "cve": "CVE-2026-45544",
      "product_status": {
        "known_affected": [
          "T053998",
          "T053996",
          "T053997",
          "T053994",
          "T053995"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-45544"
    },
    {
      "cve": "CVE-2026-45545",
      "product_status": {
        "known_affected": [
          "T053998",
          "T053996",
          "T053997",
          "T053994",
          "T053995"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-45545"
    },
    {
      "cve": "CVE-2026-45691",
      "product_status": {
        "known_affected": [
          "T054002",
          "T054001",
          "T054000",
          "T053999",
          "T054005",
          "T054004",
          "T054003"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-45691"
    }
  ]
}

CVE-2026-45543 (GCVE-0-2026-45543)

Vulnerability from cvelistv5 – Published: 2026-06-01 17:00 – Updated: 2026-06-01 19:33

Title

Nextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share

Summary

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had results access. This issue has been patched in version 5.2.7.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-552 - Files or Directories Accessible to External Parties

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/nextcloud/security-advisories/…	x_refsource_CONFIRM
https://github.com/nextcloud/forms/pull/3291	x_refsource_MISC
https://hackerone.com/reports/3617352	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
nextcloud	security-advisories	Affected: >= 4.3.0, < 5.2.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45543",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T19:33:00.290011Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T19:33:14.762Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.3.0, \u003c 5.2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had results access. This issue has been patched in version 5.2.7."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552: Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T17:00:48.861Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q4fw-6jf8-5vhh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q4fw-6jf8-5vhh"
        },
        {
          "name": "https://github.com/nextcloud/forms/pull/3291",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/forms/pull/3291"
        },
        {
          "name": "https://hackerone.com/reports/3617352",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/3617352"
        }
      ],
      "source": {
        "advisory": "GHSA-q4fw-6jf8-5vhh",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45543",
    "datePublished": "2026-06-01T17:00:48.861Z",
    "dateReserved": "2026-05-12T17:48:47.879Z",
    "dateUpdated": "2026-06-01T19:33:14.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45544 (GCVE-0-2026-45544)

Vulnerability from cvelistv5 – Published: 2026-06-01 17:03 – Updated: 2026-06-01 21:40

Title

Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService

Summary

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1230 - Exposure of Sensitive Information Through Metadata

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/nextcloud/security-advisories/…	x_refsource_CONFIRM
https://github.com/nextcloud/tables/pull/2312	x_refsource_MISC
https://hackerone.com/reports/3483753	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
nextcloud	security-advisories	Affected: >= 0.8.0, < 1.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45544",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T21:39:59.421765Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T21:40:07.823Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.8.0, \u003c 1.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1230",
              "description": "CWE-1230: Exposure of Sensitive Information Through Metadata",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T17:03:06.911Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vvxm-6jjp-m9mp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vvxm-6jjp-m9mp"
        },
        {
          "name": "https://github.com/nextcloud/tables/pull/2312",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/tables/pull/2312"
        },
        {
          "name": "https://hackerone.com/reports/3483753",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/3483753"
        }
      ],
      "source": {
        "advisory": "GHSA-vvxm-6jjp-m9mp",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45544",
    "datePublished": "2026-06-01T17:03:06.911Z",
    "dateReserved": "2026-05-12T17:48:47.879Z",
    "dateUpdated": "2026-06-01T21:40:07.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45545 (GCVE-0-2026-45545)

Vulnerability from cvelistv5 – Published: 2026-06-01 17:05 – Updated: 2026-06-02 15:23

Title

Nextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution

Summary

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries, through a stored injection. With carefully crafted input it is possible to break out of the length limitation. The attacker could use this to extract information from the database, or modify data. This issue has been patched in versions 0.7.7, 0.8.10, 0.9.8, 1.0.4, and 2.0.0.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/nextcloud/security-advisories/…	x_refsource_CONFIRM
https://github.com/nextcloud/tables/pull/2309	x_refsource_MISC
https://hackerone.com/reports/3462991	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
nextcloud	security-advisories	Affected: >= 0.7.0, < 0.7.7 Affected: >= 0.8.0, < 0.8.10 Affected: >= 0.9.0, < 0.9.8 Affected: >= 1.0.0, < 1.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45545",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-02T15:23:14.033691Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T15:23:30.574Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.7.0, \u003c 0.7.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.8.0, \u003c 0.8.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.9.0, \u003c 0.9.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries, through a stored injection. With carefully crafted input it is possible to break out of the length limitation. The attacker could use this to extract information from the database, or modify data. This issue has been patched in versions 0.7.7, 0.8.10, 0.9.8, 1.0.4, and 2.0.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T17:05:18.396Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x43f-gmgh-vvjj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x43f-gmgh-vvjj"
        },
        {
          "name": "https://github.com/nextcloud/tables/pull/2309",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/tables/pull/2309"
        },
        {
          "name": "https://hackerone.com/reports/3462991",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/3462991"
        }
      ],
      "source": {
        "advisory": "GHSA-x43f-gmgh-vvjj",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45545",
    "datePublished": "2026-06-01T17:05:18.396Z",
    "dateReserved": "2026-05-12T17:48:47.879Z",
    "dateUpdated": "2026-06-02T15:23:30.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45691 (GCVE-0-2026-45691)

Vulnerability from cvelistv5 – Published: 2026-06-01 17:09 – Updated: 2026-06-01 19:10

Title

Nextcloud: Bypass of second factor authentication on DAV endpoints

Summary

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful password authentication but before TOTP completion) could be reused as a Bearer token to authenticate against DAV endpoints, granting read/write access and bypassing mandatory two-factor authentication. It is recommended that the Nextcloud Server is upgraded to 33.0.3 or 32.0.9. It is recommended that the Nextcloud Enterprise Server is upgraded to 33.0.3, 32.0.9, 31.0.14.5, 30.0.17.9 or 29.0.16.16

Severity

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-287 - Improper Authentication

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/nextcloud/security-advisories/…	x_refsource_CONFIRM
https://github.com/nextcloud/server/pull/59758	x_refsource_MISC
https://hackerone.com/reports/3573399	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
nextcloud	security-advisories	Affected: >= 32.0.0, < 32.0.9 Affected: >= 33.0.0, < 33.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45691",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T19:09:58.256884Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T19:10:18.647Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 32.0.0, \u003c 32.0.9"
            },
            {
              "status": "affected",
              "version": "\u003e= 33.0.0, \u003c 33.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful password authentication but before TOTP completion) could be reused as a Bearer token to authenticate against DAV endpoints, granting read/write access and bypassing mandatory two-factor authentication. It is recommended that the Nextcloud Server is upgraded to 33.0.3 or 32.0.9. It is recommended that the Nextcloud Enterprise Server is upgraded to 33.0.3, 32.0.9, 31.0.14.5, 30.0.17.9 or 29.0.16.16"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T17:09:48.217Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mp6x-g55j-w9jw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mp6x-g55j-w9jw"
        },
        {
          "name": "https://github.com/nextcloud/server/pull/59758",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/pull/59758"
        },
        {
          "name": "https://hackerone.com/reports/3573399",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/3573399"
        }
      ],
      "source": {
        "advisory": "GHSA-mp6x-g55j-w9jw",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud: Bypass of second factor authentication on DAV endpoints"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45691",
    "datePublished": "2026-06-01T17:09:48.217Z",
    "dateReserved": "2026-05-13T04:38:01.164Z",
    "dateUpdated": "2026-06-01T19:10:18.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1517

CVE-2026-45543 (GCVE-0-2026-45543)

CVE-2026-45544 (GCVE-0-2026-45544)

CVE-2026-45545 (GCVE-0-2026-45545)

CVE-2026-45691 (GCVE-0-2026-45691)

Tags

Sightings

Nomenclature