CVE-2026-45277

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
01/06/2026
Last modified:
03/06/2026

Description

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:nextcloud:approval:*:*:*:*:*:nextcloud:*:* 2.7.2 (excluding)