What is CVE-2026-45159?

CVE-2026-45159 is a low-severity vulnerability in Nextcloud Security-advisories, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 3.5/10. Published 2026-06-01.

How severe is CVE-2026-45159?

Low severity. CVSS v3 base score is 3.5 out of 10.

Auth bypass in Nextcloud Security-advisories

CVE-2026-45159

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.000 (7.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

Nextcloud Security-advisories — versions >= 1.15.0, < 1.15.4, >= 1.16.0, < 1.16.3, >= 1.17.0, < 1.17.1

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-45159?: CVE-2026-45159 is a low-severity vulnerability in Nextcloud Security-advisories, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 3.5/10. Published 2026-06-01.
How severe is CVE-2026-45159?: Low severity. CVSS v3 base score is 3.5 out of 10.