CVE-2026-45278
LOW
Nextcloud user_oidc 6.1.0-8.2.1 - Open Redirect via Login Flow
Title source: llm
Description
Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that redirect users to another website when the victim uses the attacker's link to log in via user OIDC. This issue has been patched in version 8.2.2.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8wjr-5cg8-4w73
Issue Tracking x_refsource_misc
https://github.com/nextcloud/user_oidc/pull/1273
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/3464925
Scores
CVSS v3
3.3
EPSS
0.0023
EPSS Percentile
13.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (2)
nextcloud/security-advisories
>= 6.1.0, < 8.2.2
nextcloud/user_oidc
6.1.0 - 8.2.2
Published
Jun 01, 2026
Tracked Since
Jun 02, 2026