CVE-2026-45545

Source
https://cve.org/CVERecord?id=CVE-2026-45545
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45545.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45545
Aliases
  • GHSA-x43f-gmgh-vvjj
Published
2026-06-01T17:05:18.396Z
Modified
2026-07-08T08:13:29.733450966Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
Summary
Nextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution
Details

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries, through a stored injection. With carefully crafted input it is possible to break out of the length limitation. The attacker could use this to extract information from the database, or modify data. This issue has been patched in versions 0.7.7, 0.8.10, 0.9.8, 1.0.4, and 2.0.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45545.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-89"
    ]
}
References

Affected packages

Git / github.com/nextcloud/tables

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/tables
Events
Database specific
{
    "cpe": "cpe:2.3:a:nextcloud:tables:*:*:*:*:*:nextcloud:*:*",
    "extracted_events": [
        {
            "introduced": "0.7.0"
        },
        {
            "fixed": "0.7.7"
        },
        {
            "introduced": "0.8.0"
        },
        {
            "fixed": "0.8.10"
        },
        {
            "introduced": "0.9.0"
        },
        {
            "fixed": "0.9.8"
        },
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "1.0.4"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

v0.*
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.8.0-beta.1
v0.8.0-beta.2
v0.8.0-beta.3
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45545.json"