PT-2026-45524 · Nextcloud · Nextcloud Enterprise Server+1

Daw1012345

Published

2026-06-01

Updated

2026-06-02

CVE-2026-45279

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions 31.0.0 through 31.0.13 Nextcloud Server versions 32.0.0 through 32.0.3 Nextcloud Enterprise Server versions prior to 28.0.14.15 Nextcloud Enterprise Server versions prior to 29.0.17.12 Nextcloud Enterprise Server versions prior to 30.0.17.7 Nextcloud Enterprise Server versions prior to 31.0.14 Nextcloud Enterprise Server versions prior to 32.0.4

Description An issue exists in the content collaboration platform where non-admin users can copy arbitrary files into their own directory using path traversal, provided that {lang} is used in the template directory configuration value. The ability to copy files depends on the underlying unix permissions.

Recommendations Upgrade Nextcloud Server to version 31.0.14 or 32.0.4. Upgrade Nextcloud Enterprise Server to version 28.0.14.15, 29.0.17.12, 30.0.17.7, 31.0.14, or 32.0.4.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-45279

Affected Products

Nextcloud Enterprise Server

Nextcloud Server

PT-2026-45524 · Nextcloud · Nextcloud Enterprise Server+1

CVE-2026-45279

Weakness Enumeration

Related Identifiers

Affected Products

References · 5