VYPR
Medium severity6.5NVD Advisory· Published Jun 1, 2026· Updated Jun 3, 2026

CVE-2026-45275

CVE-2026-45275

Description

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and privilege escalation, allowing unauthorized distribution of restricted files. This issue has been patched in version 2.7.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:nextcloud:approval:*:*:*:*:*:nextcloud:*:*+ 1 more
    • cpe:2.3:a:nextcloud:approval:*:*:*:*:*:nextcloud:*:*range: <2.7.2
    • (no CPE)range: <2.7.2

Patches

Vulnerability mechanics

References

3

News mentions

1