CVE-2026-45545

216.73.216.123

· Published 01/06/2026 19:16 · Modified 02/06/2026 14:00

Labels: CVE-2026-45545 2026-06-01 CVE-2026-45545 CWE-89 [email protected]

Essential information

Published: 01/06/2026 19:16
Modified: 02/06/2026 14:00
Author: —
Creator: —
CVSS: 8.2 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

CVSS metrics

Description

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries, through a stored injection. With carefully crafted input it is possible to break out of the length limitation. The attacker could use this to extract information from the database, or modify data. This issue has been patched in versions 0.7.7, 0.8.10, 0.9.8, 1.0.4, and 2.0.0.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
nextcloud / nextcloud	`cpe:2.3:a:nextcloud:nextcloud:0.7.0-0.7.6:::::::*`
nextcloud / nextcloud	`cpe:2.3:a:nextcloud:nextcloud:0.8.0-0.8.9:::::::*`
nextcloud / nextcloud	`cpe:2.3:a:nextcloud:nextcloud:0.9.0-0.9.7:::::::*`
nextcloud / nextcloud	`cpe:2.3:a:nextcloud:nextcloud:1.0.0-1.0.3:::::::*`