CVE-2026-45278NVD

Description

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2.

Severity Level

LOW (3.3)

Published Date

01/06/2026

Last Modified

02/06/2026

Exploitation Status

????

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8wjr-5cg8-4w73
https://github.com/nextcloud/user_oidc/pull/1273
https://hackerone.com/reports/3464925