Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2026-45285— Nextcloud: Hidden Public Link creation when sharing to a Team External Member

CVSS 6.4 · Medium

Affected Version Matrix 2

VendorProductVersion RangeStatus
nextcloudsecurity-advisories>= 32.0.0, < 32.0.9affected
>= 33.0.0, < 33.0.3affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-45285

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Nextcloud: Hidden Public Link creation when sharing to a Team External Member
Source: NVD (National Vulnerability Database)
Vulnerability Description
Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member (a person added via email address who does not have a Nextcloud account), the system automatically creates a public link for that external member. This public link is not displayed in the share section of the folder, so the folder owner has no knowledge of its existence. It is sent via email to the external member. It grants the same permissions (read, write, delete, reshare, download) as the Team’s access. An attacker who receives or intercepts this link can access, modify, delete, reshare, and download all data in the shared folder without any further authentication. The folder owner cannot see or revoke the link through the normal sharing interface. This issue has been patched in versions 32.0.9 and 33.0.3.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
nextcloudsecurity-advisories >= 32.0.0, < 32.0.9 -

II. Public POCs for CVE-2026-45285

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-45285

登录查看更多情报信息。

Patches & Fixes for CVE-2026-45285 (1)

Vendor Advisories for CVE-2026-45285 (1)

Same Patch Batch · nextcloud · 2026-06-01 · 26 CVEs total

CVE-2026-455458.2 HIGHNextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution
CVE-2026-452818.1 HIGHNextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update
CVE-2026-451568.1 HIGHNextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification
CVE-2026-457227.1 HIGHNextcloud: Tables app allows limited SQLi in ORDER BY with malicious sort order argument f
CVE-2026-458106.8 MEDIUMNextcloud: Propfind requests for file comments allowed to load comments for other files
CVE-2026-452826.5 MEDIUMNextcloud: Logged-in user bypasses share password and download restrictions on Text attach
CVE-2026-452756.5 MEDIUMNextcloud: Authorization bypass in approval feature allows unauthorized file sharing with
CVE-2026-452676.5 MEDIUMNextcloud: Missing permission check for from submissions
CVE-2026-452836.3 MEDIUMNextcloud: Files Lock app allows users to lock and unlock files of other users
CVE-2026-451576.3 MEDIUMNextcloud: Valid share tokens allow to access tempory upload files of share owner
CVE-2026-456905.9 MEDIUMNextcloud: Two-Factor Authentication Bypass via Pending Session Token Replay
CVE-2026-456915.9 MEDIUMNextcloud: Bypass of second factor authentication on DAV endpoints
CVE-2026-455435.3 MEDIUMNextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible t
CVE-2026-451534.6 MEDIUMNextcloud: PIN bypass in PassCodeActivity via back button
CVE-2026-452844.6 MEDIUMNextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users t
CVE-2026-452794.4 MEDIUMNextcloud: Limited path traversal via template API if using `{lang}` in config
CVE-2026-452644.3 MEDIUMNextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames
CVE-2026-452864.3 MEDIUMNextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint
CVE-2026-455444.3 MEDIUMNextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking
CVE-2026-451593.5 LOWNextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files i

Showing top 20 of 26 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: security-advisories
Same vendor: nextcloud
Same weakness: CWE-862

V. Comments for CVE-2026-45285

No comments yet

Leave a comment