BIT-nextcloud-2026-45153

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/nextcloud/BIT-nextcloud-2026-45153.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-nextcloud-2026-45153
Aliases
Published
2026-07-12T23:48:00.245Z
Modified
2026-07-13T06:26:09.390858604Z
Summary
Nextcloud: PIN bypass in PassCodeActivity via back button
Details

Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be used to bypass the Nextcloud Files app PIN. This issue has been patched in version 33.1.0.

Database specific
{
    "cpes": [
        "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / nextcloud

Package

Name
nextcloud
Purl
pkg:bitnami/nextcloud

Severity

  • 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
33.0.0
Fixed
33.1.0

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/nextcloud/BIT-nextcloud-2026-45153.json"