CVE-2026-45286

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied to other endpoints, were not effective here. This issue has been patched in versions 5.5.17 and 6.2.3.

Vulnerability Details

Published Date

June 01, 2026

Last Modified

June 01, 2026

CWE ID

CWE-200

Source

NVD

Vendor

nextcloud

Product

security-advisories

External References

https://github.com/nextcloud/calendar/issues/7971
https://github.com/nextcloud/calendar/pull/8197
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r697-74m9-gvf2
https://hackerone.com/reports/3540663

CVE-2026-45286

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment