QSearchQSearch

CVE-2026-45286

4.3 MEDIUM

Nextcloud is an open source content collaboration platform

Published: 2026-06-01 · Last updated: 2026-06-03

Severity and scoring

CVSS
4.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
CWE-200

Affected products

VendorProduct
nextcloudcalendar

Description

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied to other endpoints, were not effective here. This issue has been patched in versions 5.5.17 and 6.2.3.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-45810 Nextcloud is an open source content collaboration platform (6.8 MEDIUM)
  • CVE-2026-45722 Nextcloud is an open source content collaboration platform (7.1 HIGH)
  • CVE-2026-45691 Nextcloud is an open source content collaboration platform (5.9 MEDIUM)
  • CVE-2026-45690 Nextcloud is an open source content collaboration platform (5.9 MEDIUM)
  • CVE-2026-45545 Nextcloud is an open source content collaboration platform (8.2 HIGH)

Same CWE

  • CVE-2026-12203 A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215 (5.3 MEDIUM)
  • CVE-2026-49397 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (5.3 MEDIUM)
  • CVE-2026-47124 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.5 MEDIUM)
  • CVE-2026-54396 An information disclosure vulnerability exists in the MISP AuthKey edit functionality
  • CVE-2026-47264 Discourse is an open-source discussion platform (5.3 MEDIUM)