What is CVE-2026-45264?

CVE-2026-45264 is a medium-severity vulnerability in Nextcloud Security-advisories, classified under Improper Access Control. CVSS score: 4.3/10. Published 2026-06-01.

How severe is CVE-2026-45264?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Nextcloud Security-advisories

CVE-2026-45264

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE perm…

EPSS: 0.000 (7.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Nextcloud Security-advisories — versions >= 17.0.0, < 17.0.15, >= 18.0.0, < 18.1.12, >= 19.0.0, < 19.1.16

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-45264?: CVE-2026-45264 is a medium-severity vulnerability in Nextcloud Security-advisories, classified under Improper Access Control. CVSS score: 4.3/10. Published 2026-06-01.
How severe is CVE-2026-45264?: Medium severity. CVSS v3 base score is 4.3 out of 10.