CVE-2026-45277 Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2...

fileId parameter reveals workflow associations in Nextcloud Approval app

None...

CVE-2025-66515

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVE-2025-66515

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users file

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

EUVD-2025-201457

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users file

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVE-2025-66515

The CVE describes an authorization flaw in the Nextcloud Approval app where an authenticated user listed as a workflow requester can place another user’s file into the “pending approval” state using the file’s numeric id, without having access to the file. This affects versions prior to 1.3.1 and...

PT-2025-49295

Name of the Vulnerable Software and Affected Versions Nextcloud Approval app versions prior to 1.3.1 Nextcloud Approval app versions prior to 2.5.0 Description The Nextcloud Approval app has an issue where an authenticated user, listed as a requester in a workflow, can set another user’s file to...