CVE-2026-45159

3.5 LOW

Nextcloud is an open source content collaboration platform

Published: 2026-06-01 · Last updated: 2026-06-01

Severity and scoring

CVSS: 3.5 LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CWE: CWE-639

Description

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-end encrypted folders of the share owner. Reading and modifying of other files was not possible. This issue has been patched in versions 1.15.4, 1.16.3, 1.17.1, 1.18.1, and 2.0.0-rc.7.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-44692 — Sharp is a content management framework built for Laravel as a package (7.7 HIGH)
CVE-2026-46558 — Plane is an open-source project management tool (8.3 HIGH)
CVE-2026-53471 — A flaw was found in migration-planner (9.6 CRITICAL)
CVE-2026-53470 — A flaw was found in migration-planner (9.6 CRITICAL)
CVE-2026-45563 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (4.3 MEDIUM)