SQL Injection Vulnerability in Nextcloud's Tables App
CVE-2026-45545
8.2HIGH
What is CVE-2026-45545?
An SQL injection vulnerability exists in Nextcloud's Tables app, found in specific versions. Authenticated users with access to the app can exploit this vulnerability to launch arbitrary SQL queries, potentially extracting sensitive data or altering information within the database. Although the injection is initially limited to 20 bytes, adept attackers can circumvent this restriction. All affected versions have been addressed in the subsequent releases, ensuring enhanced security for the platform.
Affected Version(s)
security-advisories >= 0.7.0, < 0.7.7 < 0.7.0, 0.7.7
security-advisories >= 0.8.0, < 0.8.10 < 0.8.0, 0.8.10
security-advisories >= 0.9.0, < 0.9.8 < 0.9.0, 0.9.8