CVE-2026-45281

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the...

CVE-2026-45281 Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the...

CVE-2023-30539

Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Serv...

PT-2023-8883 · Nextcloud +2 · Nextcloud Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 25.0.0 through 25.0.10 Nextcloud Server versions 26.0.0 through 26.0.5 Nextcloud Server versions 27.0.0 through 27.0.0 Nextcloud Enterprise Server versions 22.0.0 through 22.2.10.15 Nextcloud Enterprise Server versio...

CVE-2023-39952

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced...

PT-2022-24812 · Nextcloud +1 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.8 Nextcloud Server versions prior to 24.0.4 Nextcloud Enterprise Server versions prior to 22.2.10.4 Nextcloud Enterprise Server versions prior to 23.0.8 Nextcloud Enterprise Server versions prior to...