Nextcloud Mail

15 CVEs affecting Nextcloud Mail. Latest disclosed: 2025-12-05. Critical: 0, High: 4.

Top CVEs affecting Nextcloud Mail
CVESeverityScorePublishedSummary
CVE-2021-32652High8.82021-06-01Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users…
CVE-2022-31132High8.32022-08-04Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css…
CVE-2024-52508High8.22024-11-15Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like us…
CVE-2020-8156High7.02020-05-12A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
CVE-2023-23943Medium5.02023-02-06Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal s…
CVE-2023-45660Medium4.32023-10-16Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacke…
CVE-2021-32707Medium4.32021-07-12Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not lea…
CVE-2023-25160Medium4.12023-02-13Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box…
CVE-2025-66514Low3.52025-12-05Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allow…
CVE-2024-52509Low3.52024-11-15Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without do…
CVE-2023-48307Low3.52023-11-21Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker…
CVE-2023-33184Low3.52023-05-27Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that…
CVE-2021-39220Low3.52021-10-25Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render im…
CVE-2022-31119Low3.12022-08-04Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the ev…
CVE-2023-23944Low2.02023-02-06Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database dur…