12 matches found

RedhatCVE
added 2026/06/01 10:13 p.m., 10 views

CVE-2026-45810

A flaw was found in Nextcloud Server. An authenticated user with access to any file comment could exploit a missing relation check. This vulnerability allows the user to read the content of all comments within the system, leading to information disclosure. Mitigation Mitigation for this issue is...

6.8 CVSS, 5.6 AI score, 0.00252 EPSS
Exploits: 0, References: 2
NVD
added 2026/06/01 7:16 p.m., 8 views

CVE-2026-45810

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

6.8 CVSS, 0.00252 EPSS
Exploits: 0, References: 3
CVE
added 2026/06/01 5:13 p.m., 55 views

CVE-2026-45810

Summary: CVE-2026-45810 affects Nextcloud Server, where a missing relation check allows authenticated users with access to any file comment to read the content of all comments. Affected versions are 31.0.0–31.0.11 and 32.0.0–32.0.2; fixed in 31.0.12 and 32.0.3. Enterprise Server upgrades are prov...

6.8 CVSS, 5.7 AI score, 0.00252 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/06/01 5:13 p.m., 29 views

CVE-2026-45810 Nextcloud: Propfind requests for file comments allowed to load comments for other files

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

6.8 CVSS, 0.00252 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/06/01 5:13 p.m., 6 views

CVE-2026-45810

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

6.8 CVSS, 5.7 AI score, 0.00252 EPSS
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2026/06/01 5:13 p.m., 11 views

EUVD-2026-33720

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

6.8 CVSS, 5.7 AI score, 0.00252 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/06/01 12:0 a.m., 7 views

Nextcloud Server security vulnerability

NextCloud Server is an open-source NextCloud server program. There were security vulnerabilities in versions 31.0.0 to 31.0.12, and in versions 32.0.0 to 32.0.3 of NextCloud Server. These vulnerabilities stemmed from a lack of relational checks, which could allow authenticated users to read all...

6.8 CVSS, 5.3 AI score, 0.00252 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/06/01 12:0 a.m., 11 views

PT-2026-45538

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

6.8 CVSS, 5.7 AI score, 0.00252 EPSS
Exploits: 0, References: 5
Nextcloud
added 2026/05/15 9:43 a.m., 11 views

Propfind requests for file comments allowed to load comments for other files

None...

6.8 CVSS, 5.8 AI score, 0.00252 EPSS
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2025/05/23 3:38 a.m., 6 views

CVE-2023-28876

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users...

4.3 CVSS, 6.9 AI score, 0.00483 EPSS
Exploits: 1, References: 1
Nextcloud
added 2018/08/10 12:0 a.m., 25 views

Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)

A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

3.5 CVSS, 3 AI score, 0.00769 EPSS
Exploits: 0, Affected Software: 1
securityvulns
added 2001/04/10 12:0 a.m., 50 views

Hole in Netscape (gif comment scripting)

JavaScript inserted into the comment of a GIF file will be executed in the context of the local machine...

0.7 AI score
Exploits: 0, References: 1, Affected Software: 1