Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter...

3.3 / 10

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2.

Basic Information

ID CVE-2026-45277

Source GitHub_M

Published Jun 1, 2026 at 16:51

Affected Product

Vendor nextcloud

Product security-advisories

Version < 2.7.2

Affected Versions nextcloud security-advisories < 2.7.2

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2.",
    "published": "2026-06-01T16:51:34.087Z",
    "modified": "2026-06-01T16:51:34.087Z",
    "type": "cve",
    "title": "Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations",
    "source": "GitHub_M",
    "references": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h7gm-vgxr-9hcw\nhttps://github.com/nextcloud/approval/pull/356\nhttps://hackerone.com/reports/3475210",
    "id": "CVE-2026-45277",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "nextcloud security-advisories < 2.7.2",
    "sourceHref": "",
    "cvss": {
        "score": 3.3,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "security-advisories",
    "version": "< 2.7.2",
    "vendor": "nextcloud",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations_CVE-2026-45277