CVE-2026-45544

Source
https://cve.org/CVERecord?id=CVE-2026-45544
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45544.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45544
Aliases
  • GHSA-vvxm-6jjp-m9mp
Published
2026-06-01T17:03:06.911Z
Modified
2026-07-08T08:13:29.755066405Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService
Details

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-1230"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45544.json"
}
References

Affected packages

Git / github.com/nextcloud/tables

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/tables
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.8.0"
        },
        {
            "fixed": "1.0.4"
        }
    ],
    "cpe": "cpe:2.3:a:nextcloud:tables:*:*:*:*:*:nextcloud:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

v0.*
v0.8.0
v0.9.0
v0.9.0-beta.1
v0.9.0-beta.2
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v1.*
v1.0.0
v1.0.0-beta.1
v1.0.0-beta.2
v1.0.0-beta.3
v1.0.1
v1.0.2
v1.0.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45544.json"