Path Traversal Vulnerability in Nextcloud Server Versions
CVE-2026-45279
4.4MEDIUM
What is CVE-2026-45279?
A vulnerability in Nextcloud Server allows non-admin users to potentially copy arbitrary files into their own directories through a path traversal issue. This occurs when the {lang} variable is utilized improperly in the template directory configuration. The vulnerability affects multiple versions of Nextcloud Server and can be exploited depending on Unix permissions, making it crucial for users to update to the latest versions to mitigate risks.
Affected Version(s)
security-advisories >= 31.0.0, < 31.0.14 < 31.0.0, 31.0.14
security-advisories >= 32.0.0, < 32.0.4 < 32.0.0, 32.0.4