CVE-2026-45722

7.1 HIGH

Nextcloud is an open source content collaboration platform

Published: 2026-06-01 · Last updated: 2026-06-04

Severity and scoring

CVSS: 7.1 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CWE: CWE-89

Affected products

Vendor	Product
nextcloud	tables

Description

Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the tables app to perform a limited SQL injection in the ORDER BY statement of a query. Compared to normal SQL injections, the ORDER BY is limited to extracting a single bit of information per request or to make the database wait for a given time. This issue has been patched in versions 0.9.7 and 1.0.2.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-45722
[Vendor advisory]https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5h2w-c7px-hp4j
[Patch]https://github.com/nextcloud/tables/pull/2186
[Other]https://hackerone.com/reports/3446689

Related CVEs

Same vendor

CVE-2026-45810 — Nextcloud is an open source content collaboration platform (6.8 MEDIUM)
CVE-2026-45691 — Nextcloud is an open source content collaboration platform (5.9 MEDIUM)
CVE-2026-45690 — Nextcloud is an open source content collaboration platform (5.9 MEDIUM)
CVE-2026-45545 — Nextcloud is an open source content collaboration platform (8.2 HIGH)
CVE-2026-45544 — Nextcloud is an open source content collaboration platform (4.3 MEDIUM)

Same CWE

CVE-2026-53474 — A flaw was found in migration-planner (9.6 CRITICAL)
CVE-2026-52758 — Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL qu... (8.8 HIGH)
CVE-2026-49498 — Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to e... (8.8 HIGH)
CVE-2026-3018 — The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up t... (7.5 HIGH)
CVE-2026-3326 — The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX ... (8.6 HIGH)