CVE-2026-45277NVD

Description

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2.

Severity Level

LOW (3.3)

Published Date

01/06/2026

Last Modified

02/06/2026

Exploitation Status

????

References

https://github.com/nextcloud/approval/pull/356
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h7gm-vgxr-9hcw
https://hackerone.com/reports/3475210