CVE-2026-45278

Sažetak

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2.

Reference

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8wjr-5cg8-4w73
https://github.com/nextcloud/user_oidc/pull/1273
https://hackerone.com/reports/3464925

CVSS

Base:	3.3
Impact:	1.4
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

03-06-2026 - 17:34

Objavljeno

01-06-2026 - 19:16