Nextcloud <=2.7.1: AuthU File Disclosure in App WKF (CVE-2026-45277)
CVE-2026-45277 Published on June 1, 2026

Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations
Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2.

NVD

Vulnerability Analysis

CVE-2026-45277 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2026-45277 has been classified to as an Information Disclosure vulnerability or weakness.


Affected Versions

nextcloud security-advisories Version < 2.7.2 is affected by CVE-2026-45277