Open Source Content Collaboration Platform Vulnerability in Nextcloud
CVE-2026-45278

3.3 LOW

Key Information:

Vendor: Nextcloud
CVE Published: 1 June 2026

What is CVE-2026-45278?

Nextcloud, a popular open-source content collaboration platform, contains a link manipulation vulnerability that affects versions 6.1.0 through 8.2.1. An attacker can craft deceptive links that redirect users to untrusted sites when they attempt to log in via the OpenID Connect (OIDC) authentication method. This puts user sessions at risk and exposes users to phishing attacks. The issue is fixed in version 8.2.2, so affected installations should be updated.

Affected Version(s)

security-advisories >= 6.1.0, < 8.2.2

CVSS V3.1

Score: 3.3
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
