Loading market data...
← Back to CVE feed

CVE-2026-45275

MEDIUM CVSS 6.5 View on NVD ↗

Description

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and privilege escalation, allowing unauthorized distribution of restricted files. This issue has been patched in version 2.7.2.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Published: Jun 01, 2026 19:16 UTC Modified: Jun 02, 2026 14:00 UTC