VYPR
Medium severity6.8NVD Advisory· Published Jun 1, 2026· Updated Jun 4, 2026

CVE-2026-45810

CVE-2026-45810

Description

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended that the Nextcloud Server is upgraded to 31.0.12 or 32.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 21.0.9.20, 22.2.10.35, 23.0.12.31, 24.0.12.30, 25.0.13.25, 26.0.13.22, 27.1.11.22, 28.0.14.13, 29.0.16.10, 30.0.17.5, 31.0.12 or 32.0.3

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Nextcloud/Server2 versions
    cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*+ 1 more
    • cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*range: >=31.0.0,<31.0.12
    • cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*range: >=21.0.0,<21.0.9.20
  • Range: 31.0.0 to <31.0.12, 32.0.0 to <32.0.3
  • osv-coords
    Range: >= 31.0.0, < 31.0.12

Patches

Vulnerability mechanics

References

3

News mentions

1