Access Control Vulnerability in Nextcloud Content Collaboration Platform
CVE-2026-45154
2.6LOW
What is CVE-2026-45154?
Nextcloud, a popular open-source content collaboration platform, has an access control vulnerability in versions 2.6.0 to before 4.3.0. This issue allows guests with view-only access to shared collectives to retrieve deleted pages directly from the trashbin. This behavior circumvents expected data protection measures and could lead to unauthorized viewing of sensitive information. The vulnerability is resolved in version 4.3.0, making it crucial for users to update to secure their collaborative environments.
Affected Version(s)
security-advisories >= 2.6.0, < 4.3.0