cvedb.io
CVE-2026-45275
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-06-01T19:16:49.517 · Last modified 2026-06-17T10:51:51.187

Summary

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and privilege escalation, allowing unauthorized distribution of restricted files. This issue has been patched in version 2.7.2.

Affected products

nextcloud — approval

Does this affect you?

Add your gear to cvedb and we'll alert you only when nextcloud ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.