CVE-2026-45275EPSS p27.5%

CVE-2026-45275CVE-2026-45275

nextcloud / approval

Description

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and privilege escalation, allowing unauthorized distribution of restricted files. This issue has been patched in version 2.7.2.

Scoring

CVSS 6.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS0.36% probability of exploitation · percentile 27.5% · 2026-06-18T12:00:27Z
Last modified2026-06-03

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-45277
CVE
CVE-2026-45264
CVE
CVE-2026-45159
CVE
CVE-2026-45157
CVE
CVE-2026-45267
CVE
CVE-2026-45154
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.