NextCloud Files approval information leakage vulnerability

NextCloud Files Approval is an open-source file approval software developed by NextCloud. Versions of NextCloud Files Approval prior to version 2.7.2 had a vulnerability related to information leakage. This vulnerability stemmed from a lack of permission checks, allowing authenticated users to...

NextCloud SQL Injection Vulnerability

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. Versions of Nextcloud from 0.9.0 to 0.9.7, as well as versions from 1.0.0 to 1.0.2, had a SQL injection vulnerability. This vulnerability stemmed from...

PT-2026-45475

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...

NextCloud Access Control Vulnerability

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. Vulnerabilities existed in versions of Nextcloud prior to 21.1.10, 22.0.11, and 23.0.3 due to access control flaws. These vulnerabilities stemmed from...

NextCloud Server Authorization Issues Vulnerability

NextCloud Server is an open-source NextCloud server program. Versions of NextCloud Server from 32.0.0 to 32.0.9 and from 33.0.0 to 33.0.3 had authorization-related vulnerabilities. These vulnerabilities stemmed from authentication bypasses, allowing attackers who know the user’s password to...

NextCloud Forms security vulnerabilities

NextCloud Forms is an open-source, hosted questionnaire and form creation tool developed by NextCloud. There were security vulnerabilities in versions 4.3.0 to 5.2.7 of NextCloud Forms, which stemmed from unauthorized access to respondent files uploaded through affected forms, due to retained...

PT-2026-45533

Name of the Vulnerable Software and Affected Versions Nextcloud versions 0.7.0 through 0.7.6 Nextcloud versions 0.8.0 through 0.8.9 Nextcloud versions 0.9.0 through 0.9.7 Nextcloud versions 1.0.0 through 1.0.3 Description An authenticated attacker with access to the Tables app can execute arbitra...

NextCloud Tables security vulnerabilities

NextCloud Tables is an open-source table application developed by NextCloud. There were security vulnerabilities in the version of NextCloud Tables from 0.8.0 to 1.0.4. These vulnerabilities stemmed from view filter conditions being exposed to users with read-only permissions...

PT-2026-45521

Name of the Vulnerable Software and Affected Versions Nextcloud Approval app versions prior to 2.7.2 Description A privilege escalation issue exists in the Approval app of the Nextcloud content collaboration platform. This flaw allows a user lacking sharing permissions to force the system to shar...

PT-2026-45523

Name of the Vulnerable Software and Affected Versions Nextcloud versions 6.1.0 through 8.2.1 Description An attacker can craft malicious links that redirect users to an external website when the victim attempts to log in using OpenID Connect OIDC, a protocol used for authentication. Recommendatio...

PT-2026-45536

Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the tables app to perform a limited SQL injection in the ORDER BY statement of a query. Compared to...

NextCloud Server security vulnerabilities

NextCloud Server is an open-source NextCloud server program. There were security vulnerabilities in versions 31.0.0 to 31.0.12, and in versions 32.0.0 to 32.0.3 of NextCloud Server. These vulnerabilities stemmed from a lack of relational checks, which could allow authenticated users to read all...

NextCloud Server Authorization Issues Vulnerability

NextCloud Server is an open-source NextCloud server program developed by NextCloud. Versions of NextCloud Server from 32.0.0 to 32.0.9 and from 33.0.0 to 33.0.3 contained vulnerabilities related to authorization. These vulnerabilities stemmed from the possibility that the session cookie, which...

NextCloud Forms security vulnerabilities

NextCloud Forms is an open-source, hosted questionnaire and form creation tool developed by NextCloud. Versions of NextCloud Forms prior to 5.2.6 contained a security vulnerability due to a lack of permission checks. This vulnerability could allow users to request access to other users’ form...

PT-2026-45525

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions 32.0.0 through 32.0.8 Nextcloud Server versions 33.0.0 through 33.0.2 Nextcloud Enterprise Server versions prior to 33.0.3 Nextcloud Enterprise Server versions prior to 32.0.9 Nextcloud Enterprise Server versions prio...

NextCloud Calendar information leakage vulnerability

NextCloud Calendar is an open-source calendar application developed by NextCloud. There were information leakage vulnerabilities in versions 5.5.13 to 5.5.17 and 6.2.0 to 6.2.3 of NextCloud Calendar. These vulnerabilities stemmed from the lack of shared restrictions applied to the meeting...

PT-2026-45477

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...

PT-2026-45538

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

PT-2026-45469

Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be used to bypass the Nextcloud Files app PIN. This issue has been patched in version 33.1.0...

NextCloud Teams security vulnerabilities

NextCloud Teams is an open-source team collaboration and group management tool developed by NextCloud. There were security vulnerabilities in versions of NextCloud Teams between 32.0.0 and 32.0.9, as well as between 33.0.0 and 33.0.3. These vulnerabilities stemmed from the system automatically...