CVE-2026-45155EPSS p9.9%

CVE-2026-45155CVE-2026-45155

Description

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by default this is still unlikely to be executable at will, but if access to an ID was available via another source, memberships could be tracked like this. It is recommended that the Nextcloud Server is upgraded to 32.0.7 or 33.0.1. It is recommended that the Nextcloud Enterprise Server is upgraded to 29.0.16.14, 30.0.17.8, 31.0.14.3, 32.0.7 or 33.0.1

Scoring

CVSS 2.6 ()
VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
EPSS0.20% probability of exploitation · percentile 9.9% · 2026-06-19T12:03:05Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-45156
CVE
CVE-2026-45157
CVE
CVE-2026-45159
CVE
CVE-2026-45810
CVE
CVE-2026-45264
CVE
CVE-2026-45267
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.