CVE-2026-45543NVD

Description

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had results access. This issue has been patched in version 5.2.7.

Severity Level

MEDIUM (5.3)

Published Date

01/06/2026

Last Modified

02/06/2026

Exploitation Status

????

References

https://github.com/nextcloud/forms/pull/3291
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q4fw-6jf8-5vhh
https://hackerone.com/reports/3617352