VYPR
Low severity · 3.3 · NVD Advisory · Published Jun 1, 2026

CVE-2026-45277

Description

Authenticated users can check file associations with approval workflows in the Nextcloud Approval app prior to v2.7.2. The issue is patched in v2.7.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Prior to version 2.7.2, the Nextcloud Approval app allowed authenticated users to check if arbitrary files were associated with specific approval workflows, enabling them to request approval for files they did not have legitimate access to. This vulnerability exists in the file checking functionality of the app [2].

Exploitation

An authenticated user can exploit this vulnerability by sending a request to the Nextcloud Approval app that checks for workflow associations with a specific file. This does not require any special privileges beyond standard user authentication within Nextcloud.

Impact

Successful exploitation allows an authenticated user to discover which files are part of approval workflows, potentially leading to unauthorized requests for approval or information disclosure about internal processes related to file approvals.

Mitigation

The vulnerability has been patched in version 2.7.2 of the Nextcloud Approval app. Users are recommended to upgrade to this version. If an upgrade is not immediately possible, the Approval app can be disabled as a workaround. No other workaround is available [2].

AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

4c5d76fcf5c5

Merge pull request #356 from nextcloud/enh/noid/better-access-check

https://github.com/nextcloud/approval · Julien Veyssier · Jan 8, 2026 · via nvd-ref
1 file changed · +4 -0
  • lib/Service/ApprovalService.php · +4 -0 · modified
    @@ -78,6 +78,10 @@ public function getBasicUserRules(string $userId, string $role): array {
     	 * @return array
     	 */
     	public function getUserRules(string $userId, string $role = 'requesters', ?int $fileId = null): array {
    +		if ($fileId !== null && !$this->utilsService->userHasAccessTo($fileId, $userId)) {
    +			throw new \InvalidArgumentException('File not found');
    +		}
    +
     		$userRules = [];
     		$rules = $this->ruleService->getRules();
     
    
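Review bot: The new guard at the top of getUserRules throws \InvalidArgumentException, but the docblock above it still documents only `@return array`; add a `@throws \InvalidArgumentException` line so every caller knows to catch it and turn it into a not-found response instead of letting it surface as an unhandled server error. The check is skipped when $fileId is null, which looks intentional for the rule-listing case, but it is worth a short comment saying so. Reporting 'File not found' rather than an access-denied message is the right choice, since it does not confirm that the file exists. The commit touches only this one file, so nothing here exercises the denied path; a test asserting that a user without access to $fileId gets the exception would keep the check from regressing.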

