VYPR
Medium severity4.3NVD Advisory· Published Jun 1, 2026· Updated Jun 3, 2026

CVE-2026-45286

CVE-2026-45286

Description

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied to other endpoints, were not effective here. This issue has been patched in versions 5.5.17 and 6.2.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Nextcloud/Calendarreferences3 versions
    (expand)+ 2 more
    • (no CPE)
    • cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*range: >=5.5.13,<5.5.17
    • (no CPE)range: 5.5.13 - 5.5.16, 6.2.0 - 6.2.2
  • Range: 5.5.13 - 5.5.16, 6.2.0 - 6.2.2

Patches

Vulnerability mechanics

References

4

News mentions

1