PT-2026-45474 · Nextcloud · Nextcloud
Itsbalvant · Published 2026-06-01 · Updated 2026-06-01
CVE-2026-45159
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud versions 1.15.0 through 1.15.3
Nextcloud versions 1.16.0 through 1.16.2
Nextcloud version 1.17.0
Nextcloud version 1.18.0
Description
An issue exists in the content collaboration platform where a malicious user possessing an end-to-end encrypted files drop link can upload files into other end-to-end encrypted folders belonging to the share owner. This action is limited to dropping files; reading or modifying existing files is not possible.
Recommendations
Update to version 1.15.4
Update to version 1.16.3
Update to version 1.17.1
Update to version 1.18.1
Fix
IDOR
Affected Products
Nextcloud