Privileged Escalation Vulnerability in Nextcloud Approval App
CVE-2026-45275

6.5MEDIUM

Key Information:

Vendor

Nextcloud
Status
Security-advisories
Vendor
CVE Published:
1 June 2026

What is CVE-2026-45275?

The Nextcloud Approval app, part of the Nextcloud content collaboration platform, contains a flaw that enables users lacking the necessary permissions to force file sharing with approvers. This vulnerability leads to unauthorized access and can result in the distribution of sensitive files without proper authorization. The issue has been resolved in version 2.7.2.

Affected Version(s)

security-advisories < 2.7.2

References

https://github.com/nextcloud/security-advisories/security...
x_refsource_CONFIRM
https://github.com/nextcloud/approval/pull/392
x_refsource_MISC
https://hackerone.com/reports/3593780
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.