CVE-2026-45544
Description
Nextcloud Tables versions 0.8.0 to 1.0.3 expose view filter criteria to read-only users, patched in 1.0.4 and 2.0.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Nextcloud Tables versions from 0.8.0 up to, but not including, the fixed releases 1.0.4 and 2.0.0 incorrectly expose view filter criteria to users with only read-only permissions. The vulnerability resides in the ViewService component of the Tables app [2].
Exploitation
An attacker with read-only permissions on Nextcloud Tables can exploit this vulnerability by accessing the view filter criteria. No specific user interaction or elevated privileges beyond read-only access are required to trigger this information disclosure [2].
Impact
Successful exploitation allows an attacker with read-only permissions to view sensitive data related to the view filter criteria. This constitutes an information disclosure vulnerability, potentially revealing details about data organization or filtering mechanisms within the platform [2].
Mitigation
This vulnerability has been patched in Nextcloud Tables versions 1.0.4 and 2.0.0. Users are advised to upgrade to these versions or later. As a workaround, the Tables app can be disabled if an immediate upgrade is not possible [2].
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 1
c2933cb60c9f Merge pull request #2312 from nextcloud/fix/noid/simplify-filter-return
1 file changed · +18 −22
lib/Service/ViewService.php+18 −22 modified@@ -400,31 +400,27 @@ private function enhanceView(View $view, string $userId): void { // Remove detailed view filtering and sorting information if necessary if ($view->getIsShared() && !$view->getOnSharePermissions()->manageTable) { - $rawFilterArray = $view->getFilterArray(); - if ($rawFilterArray) { - $view->setFilterArray( - array_map(static function ($filterGroup) { - // Instead of filter just indicate that there is a filter, but hide details - return array_map(null, $filterGroup); - }, - $rawFilterArray)); - } + $view->setFilterArray([]); + $rawSortArray = $view->getSortArray(); if ($rawSortArray) { $view->setSortArray( - array_map(static function (array $sortRule) use ($view): array { - if (isset($sortRule['columnId']) - && ( - Column::isValidMetaTypeId($sortRule['columnId']) - || in_array($sortRule['columnId'], $view->getColumnIds(), true) - ) - ) { - return $sortRule; - } - // Instead of sort rule just indicate that there is a rule, but hide details - return []; - }, - $rawSortArray)); + array_map( + static function (array $sortRule) use ($view): array { + if (isset($sortRule['columnId']) + && ( + Column::isValidMetaTypeId($sortRule['columnId']) + || in_array($sortRule['columnId'], $view->getColumnIds(), true) + ) + ) { + return $sortRule; + } + // Instead of sort rule just indicate that there is a rule, but hide details + return []; + }, + $rawSortArray + ) + ); } }
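Review bot: In the filter branch of enhanceView(), the removed code called array_map(null, $filterGroup), which with a null callback and a single array returns each group unchanged, so the "hide details" comment never matched the behaviour; replacing it with $view->setFilterArray([]) closes that, but it also removes any signal that a filter exists at all. Please confirm that clients showing a shared view without manageTable handle an empty filter array, and add a regression test asserting that getFilterArray() is empty for such a view, since this commit touches only lib/Service/ViewService.php. The sort branch still returns [] per hidden rule, so the number of sort rules stays visible to the recipient; say in the comment whether that is intended. The rest of the sort hunk is re-indentation only, and the added blank line after setFilterArray([]) can go; splitting the whitespace change into its own commit would keep the security-relevant line easy to find.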
References: 3