PT-2026-45470 · Nextcloud · Collectives
Yoyomiski · Published 2026-06-01 · Updated 2026-06-01
CVE-2026-45154
CVSS v3.1: 2.6 (Low)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud versions 2.6.0 through 4.2.x
Description
An improper access control issue exists in the Collectives application. When pages within a collective are deleted and the collective is shared with view-only permissions, guests with access to the collective can directly access those deleted pages from the trashbin.
Recommendations
Update to version 4.3.0.
Fix
Improper Access Control
Affected Products
Collectives