CVE-2026-45810

{"id": "CVE-2026-45810", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2026-06-01T19:16:53.357", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-285v-p9x9-cjhj", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/server/pull/56982", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://hackerone.com/reports/3425534", "tags": ["Permissions Required"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended that the Nextcloud Server is upgraded to 31.0.12 or 32.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 21.0.9.20, 22.2.10.35, 23.0.12.31, 24.0.12.30, 25.0.13.25, 26.0.13.22, 27.1.11.22, 28.0.14.13, 29.0.16.10, 30.0.17.5, 31.0.12 or 32.0.3"}], "lastModified": "2026-06-04T16:51:19.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "A6FF62FC-BAAC-42FE-80AA-1ECF1752D9D4", "versionEndExcluding": "31.0.12", "versionStartIncluding": "31.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B91E03-3683-47A0-8D5D-8F463D1957F2", "versionEndExcluding": "32.0.3", "versionStartIncluding": "32.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "098EE605-7FDE-46B7-9C43-F60DA409E0A5", "versionEndExcluding": "21.0.9.20", "versionStartIncluding": "21.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C85D72D8-C79D-4C14-B182-56AF5D3C8112", "versionEndExcluding": "22.2.10.35", "versionStartIncluding": "22.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "EEB2590D-E809-4D9E-839B-CCB4ECB6520C", "versionEndExcluding": "23.0.12.31", "versionStartIncluding": "23.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "3995AF52-3ADF-46F5-830C-ECD524E2BE96", "versionEndExcluding": "24.0.12.30", "versionStartIncluding": "24.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "A30EC2CC-134F-47D0-B70F-E2B81593DC5D", "versionEndExcluding": "25.0.13.25", "versionStartIncluding": "25.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "12D207A6-CCF2-411E-B88C-24DEC2E6A738", "versionEndExcluding": "26.0.13.22", "versionStartIncluding": "26.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "8BBD9235-DE99-4414-A359-7099FA33031C", "versionEndExcluding": "27.1.11.22", "versionStartIncluding": "27.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F67E6578-F627-466B-9BE2-E8E61798EE00", "versionEndExcluding": "28.0.14.13", "versionStartIncluding": "28.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "582AFA70-8388-4EDB-A1C1-7808669B1928", "versionEndExcluding": "29.0.16.10", "versionStartIncluding": "29.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "3740C0F2-E103-42E6-91BA-13F807D0C3E9", "versionEndExcluding": "30.0.17.5", "versionStartIncluding": "30.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "EE1373FF-E182-4502-AFA0-CB4191CBC1A3", "versionEndExcluding": "31.0.12", "versionStartIncluding": "31.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "88F735F3-E164-4261-A5D8-8F32DB2AA218", "versionEndExcluding": "32.0.3", "versionStartIncluding": "32.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}