Nextcloud Talk
20 CVEs affecting Nextcloud Talk. Latest disclosed: 2025-12-05. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-8180 | Critical | 9.9 | 2020-06-08 | A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator. |
CVE-2021-32689 | High | 8.1 | 2021-07-12 | Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used user… |
CVE-2023-39957 | High | 7.8 | 2023-08-10 | Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicio… |
CVE-2021-32676 | Medium | 6.5 | 2021-06-16 | Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11… |
CVE-2021-39222 | Medium | 6.4 | 2021-11-15 | Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerabil… |
CVE-2018-3781 | Medium | 5.4 | 2018-08-13 | A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing… |
CVE-2019-15619 | Medium | 4.8 | 2020-02-04 | Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an X… |
CVE-2021-41180 | Medium | 4.7 | 2022-03-08 | Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud… |
CVE-2023-45149 | Medium | 4.3 | 2023-10-16 | Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be byp… |
CVE-2022-39212 | Medium | 4.3 | 2022-09-17 | Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame o… |
CVE-2022-24887 | Medium | 4.3 | 2022-04-27 | Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sha… |
CVE-2025-66556 | Low | 3.5 | 2025-12-05 | Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll draft… |
CVE-2023-30540 | Low | 3.5 | 2023-04-17 | Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this informati… |
CVE-2023-28845 | Low | 3.5 | 2023-03-31 | Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member l… |
CVE-2022-35932 | Low | 3.5 | 2022-08-12 | Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are suscepti… |
CVE-2022-41926 | Low | 3.3 | 2022-11-25 | Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermi… |
CVE-2019-15620 | Low | 2.7 | 2020-02-04 | Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the proje… |
CVE-2022-24890 | Low | 2.4 | 2022-05-17 | Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams… |
CVE-2021-41181 | Low | 2.4 | 2022-03-08 | Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen s… |
CVE-2023-22473 | Low | 2.1 | 2023-01-09 | Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud… |