CVE-2026-45279

Sažetak

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config value, non-admin users can in some cases copy arbitrary files (depending on unix permissions) into their own Nextcloud directory via a path traversal. It is recommended that the Nextcloud Server is upgraded to 32.0.4, 31.0.14. It is recommended that the Nextcloud Enterprise Server is upgraded to 32.0.4, 31.0.14, 30.0.17.7, 29.0.17.12, 28.0.14.15

Reference

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j33j-qph5-4wch
https://github.com/nextcloud/server/pull/57414/files
https://hackerone.com/reports/3468140

CVSS

Base:	4.4
Impact:	3.6
Exploitability:	0.7

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

03-06-2026 - 17:15

Objavljeno

01-06-2026 - 19:16