Nextcloud Tables View Filter Disclosure (1.0.3)
CVE-2026-45544 Published on June 1, 2026

Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService
Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0.

NVD

Vulnerability Analysis

CVE-2026-45544 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Exposure of Sensitive Information Through Metadata

The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.


Affected Versions

nextcloud security-advisories Version >= 0.8.0, < 1.0.4 is affected by CVE-2026-45544