5.3
CVE-2026-45543
- EPSS 0.27%
- Veröffentlicht 01.06.2026 17:00:48
- Zuletzt bearbeitet 04.06.2026 16:43:12
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Nextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share
Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had results access. This issue has been patched in version 5.2.7.
Mögliche Gegenmaßnahme
Forms: * Disable app Forms
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.182 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q4fw-6jf8-5vhh
https://github.com/nextcloud/forms/pull/3291
https://hackerone.com/reports/3617352
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q4fw-6jf8-5vhh