Nextcloud CVE-2026-45277: Low-Severity Information Disclosure Vulnerability

CVE-2026-45277 is a low-severity vulnerability affecting Nextcloud versions prior to 2.7.2. Authenticated users could exploit this flaw to determine if arbitrary files are linked to specific approval workflows, potentially exposing sensitive metadata. The vulnerability has a CVSS 3.1 base score of 3.3, indicating limited impact on confidentiality, integrity, and availability. It does not allow for modification or denial of service. The issue has been patched in Nextcloud version 2.7.2, and users are advised to upgrade to this version or later. There are currently no known exploits in the wild. As this is not a cloud service, users must manually apply the update. The vulnerability was published on June 1, 2026.

Key Points: • CVE-2026-45277 is a low-severity vulnerability in Nextcloud versions before 2.7.2. • Authenticated users can exploit this flaw to check file approval workflows, risking sensitive information exposure. • Nextcloud version 2.7.2 addresses this vulnerability; users must apply the update manually.