SSRF in Nextcloud News

CVE-2026-44515

Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL (via the web interface or the API). In affected versions, an authenticated attacker could pro…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (13.5th percentile) — read the EPSS interpretation.