PT-2026-45521 · Nextcloud · Approval App
Yoyomiski
·
Published
2026-06-01
·
Updated
2026-06-02
·
CVE-2026-45275
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Nextcloud Approval app versions prior to 2.7.2
Description
A privilege escalation issue exists in the Approval app of the Nextcloud content collaboration platform. This flaw allows a user lacking sharing permissions to force the system to share a file with approvers, leading to an authorization bypass and the unauthorized distribution of restricted files.
Recommendations
Update to version 2.7.2.
Fix
LPE
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Approval App