Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/01 10:13 p.m.12 views

CVE-2026-45691

A flaw was found in Nextcloud Server. An attacker could reuse a pre-two-factor authentication 2FA session cookie as a Bearer token. This allows them to authenticate against DAV endpoints, granting unauthorized read and write access and bypassing the mandatory two-factor authentication. Mitigation...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 7:16 p.m.15 views

CVE-2026-45691

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS0.0029EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 5:9 p.m.95 views

CVE-2026-45691

Summary: CVE-2026-45691 affects Nextcloud Server prior to 32.0.9 and 33.0.3, where a pre-2FA session cookie created after password auth but before TOTP could be reused as a Bearer token to access DAV endpoints, bypassing mandatory two-factor authentication and granting read/write access. Impact: ...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.25 views

PT-2026-45535

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions 32.0.0 through 32.0.8 Nextcloud Server versions 33.0.0 through 33.0.2 Nextcloud Enterprise Server versions prior to 29.0.16.16 Nextcloud Enterprise Server versions prior to 30.0.17.9 Nextcloud Enterprise Server versio...

5.9CVSS6.1AI score0.0029EPSS
Exploits0References7
Rows per page
Query Builder