CVE-2026-45810

EUVD-2026-33720
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended that the Nextcloud Server is upgraded to 31.0.12 or 32.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 21.0.9.20, 22.2.10.35, 23.0.12.31, 24.0.12.30, 25.0.13.25, 26.0.13.22, 27.1.11.22, 28.0.14.13, 29.0.16.10, 30.0.17.5, 31.0.12 or 32.0.3
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
nextcloudnextcloud_server
31.0.0 ≤
𝑥
< 31.0.12
nextcloudnextcloud_server
32.0.0 ≤
𝑥
< 32.0.3
nextcloudnextcloud_server
21.0.0 ≤
𝑥
< 21.0.9.20
nextcloudnextcloud_server
22.0.0 ≤
𝑥
< 22.2.10.35
nextcloudnextcloud_server
23.0.0 ≤
𝑥
< 23.0.12.31
nextcloudnextcloud_server
24.0.0 ≤
𝑥
< 24.0.12.30
nextcloudnextcloud_server
25.0.0 ≤
𝑥
< 25.0.13.25
nextcloudnextcloud_server
26.0.0 ≤
𝑥
< 26.0.13.22
nextcloudnextcloud_server
27.0.0 ≤
𝑥
< 27.1.11.22
nextcloudnextcloud_server
28.0.0 ≤
𝑥
< 28.0.14.13
nextcloudnextcloud_server
29.0.0 ≤
𝑥
< 29.0.16.10
nextcloudnextcloud_server
30.0.0 ≤
𝑥
< 30.0.17.5
nextcloudnextcloud_server
31.0.0 ≤
𝑥
< 31.0.12
nextcloudnextcloud_server
32.0.0 ≤
𝑥
< 32.0.3
𝑥
= Vulnerable software versions