Nextcloud server
This hub aggregates every CVE we track for Nextcloud server, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 189
- Critical: 3
- High: 28
- In CISA KEV: 0
Severity distribution
- MEDIUM: 114
- LOW: 44
- HIGH: 28
- CRITICAL: 3
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Nextcloud server.
- CVE-2026-45810: Nextcloud: Propfind requests for file comments allowed to load comments for other files (score: 6.8)
- CVE-2026-45691: Nextcloud: Bypass of second factor authentication on DAV endpoints (score: 5.9)
- CVE-2026-45690: Nextcloud: Two-Factor Authentication Bypass via Pending Session Token Replay (score: 5.9)
- CVE-2026-45285: Nextcloud: Hidden Public Link creation when sharing to a Team External Member (score: 6.4)
- CVE-2026-45283: Nextcloud: Files Lock app allows users to lock and unlock files of other users (score: 6.3)
- CVE-2026-45282: Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access (score: 6.5)
- CVE-2026-45281: Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update (score: 8.1)
- CVE-2026-45279: Nextcloud: Limited path traversal via template API if using `{lang}` in config (score: 4.4)
- CVE-2025-64011: Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other u... (score: 4.3)
- CVE-2025-66552: Nextcloud Server admin_audit does not log all actions on files in groupfolders (score: 4.3)
- CVE-2025-66547: Nextcloud Server users can modify tags on files that do not belong to them (score: 4.3)
- CVE-2025-66512: Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud (score: 5.4)
- CVE-2025-66510: Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list (score: 4.5)
- CVE-2025-59788: Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 2... (score: 6.4)
- CVE-2025-47794: Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission (score: 2.6)
Product normalization is registry-driven with AI assist and human review.