6.1

CVE-2026-45278

Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass

Open Redirect in user_oidc login flow via protocol-relative URL bypass

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2.
Mögliche Gegenmaßnahme
user_oidc: * No other workaround available
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NextcloudUser Oidc Version >= 6.1.0 < 8.2.2
Weitere Schwachstelleninformationen
SystemNextcloud App
Produkt user_oidc
Version >= 6.1.0, < 8.2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.138
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8wjr-5cg8-4w73
Vendor Advisory
https://github.com/nextcloud/user_oidc/pull/1273
Patch
Issue Tracking
https://hackerone.com/reports/3464925
Permissions Required
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8wjr-5cg8-4w73
Third Party Advisory