CVE-2021-39220 — Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by... · QSearch CVE Watch

Severity and scoring

CVSS: 3.5 LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CWE: CWE-20, CWE-200

Affected products

Vendor	Product
nextcloud	mail

Description

Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading.

Source: NVD

References

Related CVEs

Same vendor

CVE-2026-45810 — Nextcloud is an open source content collaboration platform (6.8 MEDIUM)
CVE-2026-45722 — Nextcloud is an open source content collaboration platform (7.1 HIGH)
CVE-2026-45691 — Nextcloud is an open source content collaboration platform (5.9 MEDIUM)
CVE-2026-45690 — Nextcloud is an open source content collaboration platform (5.9 MEDIUM)
CVE-2026-45545 — Nextcloud is an open source content collaboration platform (8.2 HIGH)

Same CWE

CVE-2026-12117 — Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to ...
CVE-2026-12320 — Information disclosure in the Password Manager component (4.3 MEDIUM)
CVE-2026-12311 — Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
CVE-2026-50870 — An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensi... (7.5 HIGH)
CVE-2026-39007 — An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export ... (7.5 HIGH)