Microphone Control Vulnerability in Nextcloud by Nextcloud
CVE-2026-45266

3.5LOW

Key Information:

Vendor

Nextcloud
Status
Security-advisories
Vendor
CVE Published:
1 June 2026

What is CVE-2026-45266?

A vulnerability in Nextcloud allows a low-privileged user to mute the microphones of other users during calls when a high-performance backend is not installed. This issue is particularly concerning as it enables unauthorized control in collaborative environments. The vulnerability affects certain versions of Nextcloud, necessitating urgent upgrades to versions 21.1.10, 22.0.11, and 23.0.3, where it has been patched.

Affected Version(s)

security-advisories < 21.1.10 < 21.1.10

security-advisories < 22.0.11 < 22.0.11

security-advisories < 23.0.3 < 23.0.3

References

https://github.com/nextcloud/security-advisories/security...
x_refsource_CONFIRM
https://github.com/nextcloud/spreed/pull/17577
x_refsource_MISC
https://hackerone.com/reports/3636758
x_refsource_MISC

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.