CVE-2026-45282

A flaw was found in Nextcloud Server. An authenticated attacker, by knowing a share token and a document ID, could access attachments of link shares. This circumvents password protection or download restrictions, leading to the disclosure of sensitive information from attachments. Mitigation...

CVE-2026-45155

A flaw was found in Nextcloud Server. A missing access check at the API Application Programming Interface level could allow an authenticated attacker, who has access to a circle ID from another source, to add unknown circles to other circles. This could lead to the disclosure of circle membership...

CVE-2026-45283

A flaw was found in Nextcloud Server. An authenticated user could exploit this vulnerability to lock or unlock files belonging to other users by manipulating WebDAV Web Distributed Authoring and Versioning paths. This issue also led to the disclosure of lock tokens in error responses, potentially...

CVE-2026-45810

A flaw was found in Nextcloud Server. An authenticated user with access to any file comment could exploit a missing relation check. This vulnerability allows the user to read the content of all comments within the system, leading to information disclosure. Mitigation Mitigation for this issue is...

CVE-2026-45691

A flaw was found in Nextcloud Server. An attacker could reuse a pre-two-factor authentication 2FA session cookie as a Bearer token. This allows them to authenticate against DAV endpoints, granting unauthorized read and write access and bypassing the mandatory two-factor authentication. Mitigation...

CVE-2026-45279

A flaw was found in Nextcloud Server. This vulnerability allows non-admin users to perform a path traversal when the lang variable is used in the template directory configuration. An attacker can exploit this to copy arbitrary files, subject to existing Unix permissions, into their own Nextcloud...

CVE-2026-45281

A flaw was found in Nextcloud Server. An authenticated user, with knowledge of another user's principal URL, could exploit improper authorization controls to gain full access to that user's calendar. This allows the attacker to view and modify the victim's calendar, leading to unauthorized...

CVE-2026-45810

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

CVE-2026-45282

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...

CVE-2026-45281

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the...

CVE-2026-45279

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if lang is used in the template directory config value, non-admin users can in some cases copy arbitrary files depending on unix permissions into...

CVE-2026-45155

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by...

CVE-2026-45810

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

EUVD-2026-33720

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

CVE-2026-45810

Summary: CVE-2026-45810 affects Nextcloud Server, where a missing relation check allows authenticated users with access to any file comment to read the content of all comments. Affected versions are 31.0.0–31.0.11 and 32.0.0–32.0.2; fixed in 31.0.12 and 32.0.3. Enterprise Server upgrades are prov...

CVE-2026-45691

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

CVE-2026-45690 Nextcloud: Two-Factor Authentication Bypass via Pending Session Token Replay

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

CVE-2026-45690

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

EUVD-2026-33708

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the fileslock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or...

CVE-2026-45282

This CVE affects Nextcloud Server versions 32.0.0–32.0.8 and 33.0.0–33.0.2, where an authenticated attacker can access attachments of link shares using a valid share token and a known documentId, bypassing password protection or download restrictions. The vulnerability enables access to attachmen...