CVE-2026-45155

Nextcloud Server is affected by CVE-2026-45155 due to a missing API-level access check that allows adding unknown circle IDs to other circles. Affected versions are 32.0.0–32.0.6 and 33.0.0–33.0.0 (i.e., before 32.0.7 and before 33.0.1). The underlying issue could enable unauthorized membership t...

EUVD-2026-33674

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by...