CVE-2026-45543
MEDIUMNextcloud Forms 4.3.0-5.2.6 - Unauthorized Read Access to Uploaded Respondent Files
Title source: llmDescription
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had results access. This issue has been patched in version 5.2.7.
References (3)
Core 3
Core References
Issue Tracking
https://github.com/nextcloud/forms/pull/3291
Vendor Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q4fw-6jf8-5vhh
Third Party Advisory
https://hackerone.com/reports/3617352
Scores
CVSS v3
5.3
EPSS
0.0027
EPSS Percentile
18.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-552
Status
published
Products (1)
nextcloud/forms
4.3.0 - 5.2.7
Published
Jun 01, 2026
Tracked Since
Jun 02, 2026