BIT-nextcloud-2026-45157

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/nextcloud/BIT-nextcloud-2026-45157.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-nextcloud-2026-45157
Aliases
Published
2026-07-12T23:48:01.453Z
Modified
2026-07-13T06:15:13.705785441Z
Summary
Nextcloud: Valid share tokens allow to access tempory upload files of share owner
Details

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see temporary part files during on going uploads. It is recommended that the Nextcloud Server is upgraded to 32.0.9 or 33.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 26.0.13.26, 27.1.11.25, 28.0.14.17, 29.0.16.16, 30.0.17.9, 31.0.14.5, 32.0.9 or 33.0.3

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / nextcloud

Package

Name
nextcloud
Purl
pkg:bitnami/nextcloud

Severity

  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
32.0.0
Fixed
32.0.9
Introduced
33.0.0
Fixed
33.0.3

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/nextcloud/BIT-nextcloud-2026-45157.json"