QSearchQSearch

CVE-2021-39225

8.1 HIGH

Nextcloud is an open-source, self-hosted productivity platform

Published: 2021-10-25 · Last updated: 2026-06-17

Severity and scoring

CVSS
8.1 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE
CWE-639, CWE-862

Affected products

VendorProduct
nextclouddeck

Description

Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-45810 Nextcloud is an open source content collaboration platform (6.8 MEDIUM)
  • CVE-2026-45722 Nextcloud is an open source content collaboration platform (7.1 HIGH)
  • CVE-2026-45691 Nextcloud is an open source content collaboration platform (5.9 MEDIUM)
  • CVE-2026-45690 Nextcloud is an open source content collaboration platform (5.9 MEDIUM)
  • CVE-2026-45545 Nextcloud is an open source content collaboration platform (8.2 HIGH)

Same CWE

  • CVE-2026-12105 Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplicat...
  • CVE-2026-53866 OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators ... (8.1 HIGH)
  • CVE-2026-53863 OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs (7.1 HIGH)
  • CVE-2026-53851 OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite... (5.3 MEDIUM)
  • CVE-2026-53850 OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated caller... (5.5 MEDIUM)