CVE-2024-52510

MEDIUM LAB

Nextcloud Desktop 3.0.0-3.14.1 - Improper Certificate Validation via Empty Initial Signature

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-52510. PoCs published by d-xuan.

AI-analyzed exploit summary The repository appears to be a Nextcloud development environment setup with DevContainer configurations, but no actual exploit code or proof-of-concept for CVE-2024-52510 is present in the provided files.

Description

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later.

Exploits (1)

nomisec STUB 2 stars
by d-xuan · poc
https://github.com/d-xuan/CVE-2024-52510

The repository appears to be a Nextcloud development environment setup with DevContainer configurations, but no actual exploit code or proof-of-concept for CVE-2024-52510 is present in the provided files.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Nextcloud
No auth needed
Prerequisites: None identified
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 4.2
EPSS 0.0073
EPSS Percentile 49.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Lab Environment

COMMUNITY SUSPICIOUS
Community Lab
docker pull mailhog/mailhog
docker pull mitmproxy/mitmproxy

Details

CWE
CWE-295
Status published
Products (1)
nextcloud/desktop 3.0.0 - 3.14.2
Published Nov 15, 2024
Tracked Since Feb 18, 2026