CVE-2026-45810
MEDIUMDescription
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended that the Nextcloud Server is upgraded to 31.0.12 or 32.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 21.0.9.20, 22.2.10.35, 23.0.12.31, 24.0.12.30, 25.0.13.25, 26.0.13.22, 27.1.11.22, 28.0.14.13, 29.0.16.10, 30.0.17.5, 31.0.12 or 32.0.3
Is your site exposed to CVE-2026-45810?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
References
Frequently Asked Questions
What is CVE-2026-45810? +
How severe is CVE-2026-45810? +
What products are affected by CVE-2026-45810? +
How do I check if I'm vulnerable to CVE-2026-45810? +
Related Vulnerabilities
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` …
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring …
Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in …
Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in …
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because …
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application