Severity by source
CVSS 3.1 vector (GitHub Advisory, the only source for this CVE): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description (GitHub Advisory)
Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria are exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0.
Analysis (AI-generated)
Nextcloud Tables versions 0.8.0 through 1.0.3 disclose a view's filter criteria to authenticated users who hold only read-only permissions on a shared view. The sanitization logic in ViewService.php was meant to strip the filter arrays from responses to low-privileged users but instead returned the full filter rules, potentially revealing sensitive column names, threshold values, or data organization logic that the view owner intended to keep confidential. …
Vulnerability Assessment (AI-generated)

| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires an authenticated Nextcloud account (confirmed by CVSS PR:L) with at minimum read-only sharing permissions on a Nextcloud Tables view that has one or more filter criteria configured. … |
| Risk Assessment | The CVSS 3.1 score of 4.3 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N characterizes this as a low-complexity information disclosure with limited confidentiality impact and no integrity or availability impact. … |
| Exploit Scenario | An authenticated Nextcloud user who has been granted read-only access to a shared Tables view issues a standard API request to retrieve the view's metadata. The server response includes the complete, unredacted filter criteria (for example, a filter configured to hide rows where department equals 'Executive' or salary exceeds a defined threshold), leaking business logic the view owner configured as private. … |
| Remediation | Upgrade Nextcloud Tables to version 1.0.4 or 2.0.0, both of which are confirmed patched releases per the vendor advisory at https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vvxm-6jjp-m9mp. … |
Related vulnerabilities (same technique: Information Disclosure)
- Cross-project folder hijacking in OpenProject before 17.3.3 and 17.4.1 lets a project-admin abuse an insecure direct obj…
- Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing…
- A security vulnerability in Nextcloud Calendar (CVSS 5.7). Risk factors: public PoC available. Vendor patch is available…
- OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attacker…
- Authentication bypass in OpenClaw's Nextcloud Talk plugin versions ≤2026.2.2 allows remote unauthenticated attackers to…
- SQL injection in the Nextcloud Tables app allows authenticated users with access to the Tables feature to execute arbitr…
- Improper authorization in the Nextcloud Server CalDAV backend allows an authenticated user who knows another user's prin…
- Authentication bypass in Nextcloud's User OIDC app (versions 0.3.0-3.0.x, 5.0.0-5.0.x, and 6.0.0-6.3.x) allows a malicio…
- Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5…
- Blind SQL injection in the Nextcloud Tables app affects versions 0.9.0 through 0.9.6 and 1.0.0 through 1.0.1, allowing a…
- Comment authorization bypass in Nextcloud Server 31.x and 32.x allows authenticated low-privilege users to read all file…
- Nextcloud Server's link share attachment access bypasses password protection and download restrictions for authenticated…
EUVD-2026-33714