File Disclosure Vulnerability in Nextcloud by Nextcloud
CVE-2026-45277

3.3LOW

Key Information:

Vendor

Nextcloud
Status
Security-advisories
Vendor
CVE Published:
1 June 2026

What is CVE-2026-45277?

Nextcloud, a leading open-source content collaboration platform, was found to have a vulnerability that allows authenticated users to ascertain the presence of arbitrary files linked with specific approval workflows. This oversight can be exploited to potentially gain unauthorized access to sensitive files that should remain protected within the approval process. The issue has been addressed and patched in version 2.7.2.

Affected Version(s)

security-advisories < 2.7.2

References

https://github.com/nextcloud/security-advisories/security...
x_refsource_CONFIRM
https://github.com/nextcloud/approval/pull/356
x_refsource_MISC
https://hackerone.com/reports/3475210
x_refsource_MISC

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.