NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-45157

Summary	Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see temporary part files during on going uploads. It is recommended that the Nextcloud Server is upgraded to 32.0.9 or 33.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 26.0.13.26, 27.1.11.25, 28.0.14.17, 29.0.16.16, 30.0.17.9, 31.0.14.5, 32.0.9 or 33.0.3
Publication Date	June 2, 2026, 2:17 a.m.
Registration Date	June 2, 2026, 4:18 a.m.
Last Update	June 2, 2026, 3:14 a.m.

CVSS3.1 : MEDIUM
スコア	6.3
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	低
可用性への影響(A)	なし

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/nextcloud/security-advisories/security/advisories/GHSA-45pj-p7x7-4mhc	security-advisories@github.com
2	https://github.com/nextcloud/server/pull/59780	security-advisories@github.com
3	https://hackerone.com/reports/3483708	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-284	不適切なアクセス制御	https://cwe.mitre.org/data/definitions/284.html