Nextcloud Security-advisories
260 CVEs affecting Nextcloud Security-advisories. Latest disclosed: 2026-06-01. Critical: 3, High: 31.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-22212 | Critical | 9.7 | 2024-01-18 | Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the pa… |
CVE-2021-32802 | Critical | 9.3 | 2021-09-07 | Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image type… |
CVE-2023-26482 | Critical | 9.1 | 2023-03-30 | Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are desig… |
CVE-2021-41178 | High | 8.8 | 2021-10-25 | Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker… |
CVE-2021-32688 | High | 8.8 | 2021-07-12 | Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tok… |
CVE-2021-32652 | High | 8.8 | 2021-06-01 | Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users… |
CVE-2023-35172 | High | 8.7 | 2023-06-23 | NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 u… |
CVE-2023-32320 | High | 8.7 | 2023-06-22 | Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were exe… |
CVE-2021-32656 | High | 8.6 | 2021-06-01 | Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2… |
CVE-2023-48239 | High | 8.5 | 2023-11-21 | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1… |
CVE-2023-35928 | High | 8.5 | 2023-06-23 | Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 unt… |
CVE-2022-31132 | High | 8.3 | 2022-08-04 | Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css… |
CVE-2026-45545 | High | 8.2 | 2026-06-01 | Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to be… |
CVE-2024-52508 | High | 8.2 | 2024-11-15 | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like us… |
CVE-2026-45281 | High | 8.1 | 2026-06-01 | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the kn… |
CVE-2026-45156 | High | 8.1 | 2026-06-01 | Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing si… |
CVE-2024-37882 | High | 8.1 | 2024-06-14 | Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is… |
CVE-2023-39963 | High | 8.1 | 2023-08-10 | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22… |
CVE-2023-32319 | High | 8.1 | 2023-05-26 | Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to b… |
CVE-2021-41177 | High | 8.1 | 2021-10-25 | Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database ba… |