top of page
perceptive_background_267k.jpg

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the kno…

Published:

31 May 2026 at 22:00:00

Alert date:

1 June 2026 at 20:04:42

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Enterprise Applications

CVE-2026-45281 affects Nextcloud Server versions 32.0.0 to before 32.0.9 and 33.0.0 to before 33.0.3. Authenticated attackers with knowledge of other users' principal URLs can exploit improper authorization controls to gain full access to calendar data. The vulnerability allows attackers to view and modify other users' calendars. Patches are available in versions 33.0.3 and 32.0.9 for Nextcloud Server, with additional patch versions for Enterprise Server.

Technical details

Mitigation steps:

Affected products:

Nextcloud Server
Nextcloud Enterprise Server

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-45281
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hrrv-mp25-26vv
https://github.com/nextcloud/server/pull/59962
https://hackerone.com/reports/3545964

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page