Severity by source
CVSS 3.1 vector (GitHub Advisory): CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
Description (GitHub Advisory)
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment to read the content of all comments. It is recommended that the Nextcloud Server is upgraded to 31.0.12 or 32.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 21.0.9.20, 22.2.10.35, 23.0.12.31, 24.0.12.30, 25.0.13.25, 26.0.13.22, 27.1.11.22, 28.0.14.13, 29.0.16.10, 30.0.17.5, 31.0.12 or 32.0.3.
Analysis (AI-generated)
Comment authorization bypass in Nextcloud Server 31.x and 32.x allows authenticated low-privilege users to read all file comments system-wide, bypassing file-level access controls. Affected are Nextcloud Server 31.0.0-31.0.11 and 32.0.0-32.0.2, plus a broad range of Nextcloud Enterprise Server branches. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
|---|---|
| Exploitation | The attacker must hold a valid authenticated Nextcloud account with at least low-privilege access (PR:L in the CVSS vector); unauthenticated exploitation is not possible. … |
| Risk Assessment | CVSS 6.8 Medium with vector AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N reflects a network-reachable, low-complexity attack that requires low-privilege authentication and some user interaction, producing Changed scope and High confidentiality impact with no integrity or availability loss. … |
| Exploit Scenario | An authenticated Nextcloud user with access to at least one file comment iterates through comment IDs by manipulating the WebDAV comment endpoint URL, requesting comment resources whose IDs fall outside their own file-access scope. Because the server previously returned any comment by numeric ID without verifying that it belonged to the requested file collection, the attacker reads comments containing sensitive information such as internal project notes, shared credentials, or confidential review feedback on files they cannot otherwise open. … |
| Remediation | Vendor-released patch: Nextcloud Server 31.0.12 or 32.0.3 for community editions; Nextcloud Enterprise Server users should upgrade to the patched release for their branch (21.0.9.20, 22.2.10.35, 23.0.12.31, 24.0.12.30, 25.0.13.25, 26.0.13.22, 27.1.11.22, 28.0.14.13, 29.0.16.10, 30.0.17.5, 31.0.12, or 32.0.3). … |
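The "missing check of a relation" the advisory describes is easiest to see as code. The following is an added illustration, not Nextcloud's implementation or the fix it shipped: it models a comment lookup that authorises the collection (the file the caller says the comment belongs to) but never verifies that the fetched comment row actually belongs to that file, beside the same lookup with the relation check added, and runs the ID-enumeration loop from the exploit scenario against both. All records, users, file IDs and function names are constructed for the example; Python is used so the model runs stand-alone rather than against a Nextcloud install.

```python
"""Model of a comment lookup with and without the object-relation check.

Constructed, hypothetical data: nothing here is Nextcloud code or real records.
"""
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Comment:
    id: int
    object_type: str   # collection the comment hangs off, e.g. "files"
    object_id: str     # id of the file the comment is attached to
    actor: str
    message: str


# Constructed sample comment table.
COMMENTS = {
    1: Comment(1, "files", "file-100", "alice", "looks fine to me"),
    2: Comment(2, "files", "file-200", "bob", "payroll draft, do not share"),
    3: Comment(3, "files", "file-300", "carol", "staging db password rotated"),
    4: Comment(4, "files", "file-100", "dave", "please re-upload v2"),
}

# Stand-in for the share/permission lookup: which files each user may read.
FILE_ACCESS = {
    "mallory": {"file-100"},
    "bob": {"file-200"},
}


class Forbidden(Exception):
    """Caller may not read the object the comment collection hangs off."""


class NotFound(Exception):
    """No comment visible to the caller under that id."""


def user_can_read_file(user: str, file_id: str) -> bool:
    return file_id in FILE_ACCESS.get(user, set())


def get_comment_vulnerable(user: str, object_type: str, object_id: str,
                           comment_id: int) -> Comment:
    """Authorises the collection (the file) but never checks the relation
    between the comment row and that file, so any comment id is served."""
    if not user_can_read_file(user, object_id):
        raise Forbidden(f"{user} may not read {object_id}")
    comment = COMMENTS.get(comment_id)
    if comment is None:
        raise NotFound(comment_id)
    return comment  # BUG: comment.object_id is never compared with object_id


def get_comment_fixed(user: str, object_type: str, object_id: str,
                      comment_id: int) -> Comment:
    """Same lookup with the relation check added."""
    if not user_can_read_file(user, object_id):
        raise Forbidden(f"{user} may not read {object_id}")
    comment = COMMENTS.get(comment_id)
    # A comment attached to a different object is reported as missing rather
    # than forbidden, so the response does not confirm that the id exists.
    if (comment is None
            or comment.object_type != object_type
            or comment.object_id != object_id):
        raise NotFound(comment_id)
    return comment


def enumerate_comments(fetch: Callable[..., Comment], user: str,
                       object_type: str, object_id: str,
                       ids: Iterable[int]) -> list[Comment]:
    """Exploit loop from the scenario: walk numeric ids through a file the
    user can legitimately read and keep whatever the server hands back."""
    leaked = []
    for cid in ids:
        try:
            leaked.append(fetch(user, object_type, object_id, cid))
        except (Forbidden, NotFound):
            continue
    return leaked


if __name__ == "__main__":
    for name, fetch in (("vulnerable", get_comment_vulnerable),
                        ("fixed", get_comment_fixed)):
        got = enumerate_comments(fetch, "mallory", "files", "file-100", range(1, 10))
        print(f"{name}: mallory sees comment ids {[c.id for c in got]}")
```

Against the vulnerable lookup, `mallory`, who can read only `file-100`, walks ids 1 to 9 and receives every comment in the table, including the ones on `file-200` and `file-300`; against the fixed lookup the same loop yields only the two comments attached to `file-100`. The point for reviewers of similar code: checking that the caller may read the parent object is necessary but not sufficient, and the row fetched by id must be tied back to that parent before it is returned.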
External reference: EUVD-2026-33720