Description
Nextcloud server is an open source home cloud implementation. In affected versions, a missing scope validation allowed regular users to create workflows that are intended to be available only to administrators. Some of these workflows are designed to execute code by invoking defined scripts, for example to generate PDFs, call webhooks, or run scripts on the server. Depending on which apps are installed, this combination can therefore result in remote code execution. It is recommended that Nextcloud Server be upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should disable the `workflow_scripts` and `workflow_pdf_converter` apps as a mitigation.
Exploits (2)
1. nomisec (WORKING POC), by ISabbiI, type: poc
   https://github.com/ISabbiI/PoC---CVE-2023-26482-RCE-LAB-Nextcloud
2. metasploit (WORKING POC, EXCELLENT), by Enis Maholli, arianitisufi, Armend Gashi, whotwagner, type: rubypoc
   https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Scores
CVSS v3: 9.0
EPSS: 0.5225
EPSS Percentile: 97.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE: CWE-78
Status: published
Products (2):
- nextcloud/nextcloud_server, versions 18.0.0 - 20.0.14.12
- nextcloud/nextcloud_server, versions 24.0.0 - 24.0.10
Published: Mar 30, 2023
Tracked Since: Feb 18, 2026