Multiple vulnerabilities in Nextcloud Server and various apps allow an attacker to bypass security controls, disclose information, and manipulate files via remote attack. The CVSS Base Score is 8.1 (High). Affected versions include Nextcloud Server versions prior to 32.0.9 and 33.0.3, Nextcloud Android Files prior to 33.1.0, and numerous other specific app versions listed in the advisory. A mitigation is available, though specific fixed version numbers and workaround details are not provided in this summary.
[WID-SEC-2026-1471] Nextcloud: Mehrere Schwachstellen CVSS Base Score 8.1 (hoch) CVSS Temporal Score 7.1 (hoch) Remoteangriff ja Datum 11.05.2026 Stand 12.05.2026 Mitigation ja Betroffene Systeme Betriebssystem Linux Sonstiges UNIX Windows Produktbeschreibung Nextcloud ist eine "on-premise" Plattform für Dateifreigabe und Zusammenarbeit. Produkte 11.05.2026 Nextcloud Nextcloud Android Files <33.1.0 Nextcloud Nextcloud Server <32.0.9 Nextcloud Nextcloud Server <33.0.3 Nextcloud Nextcloud User OIDC <8.4.0 Nextcloud Nextcloud Collectives <4.3.0 Nextcloud Nextcloud End-to-End Encryption <1.15.4 Nextcloud Nextcloud End-to-End Encryption <1.16.3 Nextcloud Nextcloud End-to-End Encryption <1.17.1 Nextcloud Nextcloud End-to-End Encryption <1.18.1 Nextcloud Nextcloud End-to-End Encryption <2.0.0-rc.7 Nextcloud Nextcloud Calendar <6.2.3 Nextcloud Nextcloud Calendar <5.5.17 Nextcloud Nextcloud Approval <2.7.2 Nextcloud Nextcloud Forms <5.2.6 Nextcloud Nextcloud Team Folders <17.0.15 Nextcloud Nextcloud Team Folders <18.1.12 Nextcloud Nextcloud Team Folders <19.1.16 Nextcloud Nextcloud Team Folders <20.1.11 Nextcloud Nextcloud Team Folders <21.0.4 Nextcloud Nextcloud Talk <21.1.10 Nextcloud Nextcloud Talk <22.0.11 Nextcloud Nextcloud Talk <23.0.3 Angriff Angriff Ein Angreifer kann mehrere Schwachstellen im Nextcloud Server und verschiedenen Apps ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen, und um Dateien zu manipulieren. CVE Informationen Versionshistorie Feedback zum Advisory geben