Low severity3.3NVD Advisory· Published Jun 1, 2026· Updated Jun 3, 2026
CVE-2026-45278
CVE-2026-45278
Description
Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
3- github.com/nextcloud/user_oidc/pull/1273nvdIssue TrackingPatch
- github.com/nextcloud/security-advisories/security/advisories/GHSA-8wjr-5cg8-4w73nvdVendor Advisory
- hackerone.com/reports/3464925nvdPermissions Required
News mentions
1- Nextcloud Server: 25 Vulnerabilities Disclosed in Single BatchVypr Intelligence · Jun 1, 2026