Nextcloud Enterprise Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Nextcloud Enterprise Server.
By the Year
In 2026 there have been 0 vulnerabilities in Nextcloud Enterprise Server. Nextcloud Enterprise Server did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 6 | 5.90 |
It may take a day or so for new Nextcloud Enterprise Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Nextcloud Enterprise Server Security Vulnerabilities
Nextcloud DoS via Unrestricted Display Names (Fixed 22.2.10/23.0.7/24.0.3)
CVE-2022-39346
6.5 - Medium
- November 25, 2022
Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.
Improper Input Validation
Nextcloud: Credentials Leaked via nextcloud.log Prior to v23.0.9/24.0.5
CVE-2022-39364
6.5 - Medium
- October 27, 2022
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`.
Cleartext Storage of Sensitive Information
Nextcloud Server <23.0.9/24.0.5 Info Disclosure via Uncontrolled DB Access
CVE-2022-39329
5.3 - Medium
- October 27, 2022
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.
AuthZ
Nextcloud Server <23.0.10 / 24.0.6 | DDoS via loggedin DB/CPU load (Circles)
CVE-2022-39330
4.3 - Medium
- October 27, 2022
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.
Resource Exhaustion
Nextcloud Server v<23.0.8/24.0.4 Local Webservice Exposure (CVE-2022-39211)
CVE-2022-39211
5.3 - Medium
- September 16, 2022
Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.
SSRF
Nextcloud Server <=24.0.3 Authorization Header Info Exposure
CVE-2022-36074
7.5 - High
- September 15, 2022
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. There are no known workarounds for this issue.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Nextcloud Enterprise Server or by Nextcloud? Click the Watch button to subscribe.
