CVE-2026-45277

low

Description

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2.

References

https://hackerone.com/reports/3475210

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h7gm-vgxr-9hcw

https://github.com/nextcloud/approval/pull/356

Details

Source: Mitre, NVD

Published: 2026-06-01

Updated: 2026-06-03

Risk Information

CVSS v2

Base Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 3.3

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Low

EPSS

EPSS: 0.00011