CVE-2023-22472EPSS p10.4%

CVE-2023-22472CVE-2023-22472

nextcloud / desktop

Description

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2.

Scoring

CVSS 5.3 ()
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS0.20% probability of exploitation · percentile 10.4% · 2026-06-19T12:03:05Z
Last modified2026-06-17
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.