PT-2023-20444 · Nextcloud · Nextcloud Talk

Ctulhu
Published: 2023-02-27
Updated: 2023-03-08

CVE-2023-26041
CVSS v3.1: 2.6 (Low)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Nextcloud Talk versions prior to 15.0.3
Description: Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured, messages with an expiration time were not removed: the API still returned them even though the frontend code hid them.
Recommendations: For versions prior to 15.0.3, upgrade to version 15.0.3 to resolve the issue. As a temporary workaround until the patch is applied, configure cron jobs properly so that expired messages are removed.

Weakness Enumeration
Exposure of Resource to Wrong Sphere

Related Identifiers
CVE-2023-26041
GHSA-J53P-R755-V4JF

Affected Products

Nextcloud Talk