2 matches found
CVE-2026-45275
CVE-2026-45275 affects Nextcloud with the Approval app prior to version 2.7.2. A privilege-escalation flaw allows a user who lacks sharing permissions to trigger the system to share a file with approvers, resulting in an authorization bypass and potential unauthorized distribution of restricted f...
CVE-2026-45277
Nextcloud (Approval app) suffers information disclosure via the fileId parameter: authenticated users can determine whether arbitrary files are linked to specific approval workflows. Root cause appears to be insufficient access controls exposing workflow associations. The issue is confirmed resol...