CVE-2026-45153NVD

Description

Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be used to bypass the Nextcloud Files app PIN. This issue has been patched in version 33.1.0.

Severity Level

MEDIUM (4.6)

Published Date

01/06/2026

Last Modified

01/06/2026

Exploitation Status

????

References

https://github.com/nextcloud/android/pull/16896
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2w7v-5299-3hw5
https://hackerone.com/reports/3625210