VYPR
Unrated severityNVD Advisory· Published Apr 4, 2023· Updated Nov 3, 2025

Nextcloud Desktop: Initialization vector reuse in E2EE allows malicious server admin to break, manipulate, access files

CVE-2023-28997

Description

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.