User Enumeration Vulnerability in Nextcloud Calendar App
CVE-2026-45286
4.3MEDIUM
What is CVE-2026-45286?
Nextcloud, an open-source collaboration platform, contains a user enumeration vulnerability in the Calendar app. Authenticated users can leverage the app's attendee suggestion feature to identify existing users within the same Nextcloud instance without encountering the intended sharing restrictions present in other endpoints. This flaw exposes sensitive user information and compromises user privacy. The issue affected versions 5.5.13 to 5.5.16 and 6.2.0 to 6.2.2 but has been effectively patched in updates 5.5.17 and 6.2.3.
Affected Version(s)
security-advisories >= 5.5.13, < 5.5.17 < 5.5.13, 5.5.17
security-advisories >= 6.2.0, < 6.2.3 < 6.2.0, 6.2.3