Bypass Vulnerability in Nextcloud Files App for Android Devices
CVE-2026-45153

4.6MEDIUM

Key Information:

Vendor

Nextcloud
Status
Security-advisories
Vendor
CVE Published:
1 June 2026

What is CVE-2026-45153?

The Nextcloud Files app for Android devices has a vulnerability that allows users to bypass the provided PIN security by utilizing the device's back button after unlocking a locked phone. This issue affects versions from 33.0.0 up to, but not including, 33.1.0. This vulnerability has been addressed and mitigated in version 33.1.0, enhancing the security measures for users.

Affected Version(s)

security-advisories >= 33.0.0, < 33.1.0

References

https://github.com/nextcloud/security-advisories/security...
x_refsource_CONFIRM
https://github.com/nextcloud/android/pull/16896
x_refsource_MISC
https://hackerone.com/reports/3625210
x_refsource_MISC

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.