VYPR
Low severity3.3NVD Advisory· Published Jun 1, 2026· Updated Jun 3, 2026

CVE-2026-45278

CVE-2026-45278

Description

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:nextcloud:user_oidc:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:nextcloud:user_oidc:*:*:*:*:*:*:*:*range: >=6.1.0,<8.2.2
    • (no CPE)range: 6.1.0 <= version < 8.2.2
  • Range: 6.1.0 <= version < 8.2.2

Patches

Vulnerability mechanics

References

3

News mentions

1