Nextcloud Mail
15 CVEs affecting Nextcloud Mail. Latest disclosed: 2025-12-05. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-32652 | High | 8.8 | 2021-06-01 | Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users… |
CVE-2022-31132 | High | 8.3 | 2022-08-04 | Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css… |
CVE-2024-52508 | High | 8.2 | 2024-11-15 | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like us… |
CVE-2020-8156 | High | 7.0 | 2020-05-12 | A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. |
CVE-2023-23943 | Medium | 5.0 | 2023-02-06 | Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal s… |
CVE-2023-45660 | Medium | 4.3 | 2023-10-16 | Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacke… |
CVE-2021-32707 | Medium | 4.3 | 2021-07-12 | Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not lea… |
CVE-2023-25160 | Medium | 4.1 | 2023-02-13 | Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box… |
CVE-2025-66514 | Low | 3.5 | 2025-12-05 | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allow… |
CVE-2024-52509 | Low | 3.5 | 2024-11-15 | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without do… |
CVE-2023-48307 | Low | 3.5 | 2023-11-21 | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker… |
CVE-2023-33184 | Low | 3.5 | 2023-05-27 | Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that… |
CVE-2021-39220 | Low | 3.5 | 2021-10-25 | Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render im… |
CVE-2022-31119 | Low | 3.1 | 2022-08-04 | Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the ev… |
CVE-2023-23944 | Low | 2.0 | 2023-02-06 | Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database dur… |