File Rename Vulnerability in Nextcloud Collaboration Platform
CVE-2026-45264
4.3MEDIUM
What is CVE-2026-45264?
Nextcloud, a widely used open-source content collaboration platform, has a vulnerability that allows users with READ and CREATE permissions—but without UPDATE permissions—to rename files within team folders. This issue affects several versions of the product, leaving the potential for unauthorized modifications in collaborative environments. The vulnerability has been addressed in subsequent releases, notably versions 17.0.15, 18.1.12, 19.1.16, 20.1.11, and 21.0.4, ensuring enhanced file management security.
Affected Version(s)
security-advisories >= 17.0.0, < 17.0.15 < 17.0.0, 17.0.15
security-advisories >= 18.0.0, < 18.1.12 < 18.0.0, 18.1.12
security-advisories >= 19.0.0, < 19.1.16 < 19.0.0, 19.1.16