Skip to main content

Nextcloud Tables EUVDEUVD-2026-33715

| CVE-2026-45545 HIGH
SQL Injection (CWE-89)
2026-06-01 GitHub_M
8.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.2 HIGH
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Patch available
Jun 01, 2026 - 20:02 EUVD
Source Code Evidence Fetched
Jun 01, 2026 - 19:23 vuln.today
Analysis Generated
Jun 01, 2026 - 19:23 vuln.today

DescriptionGitHub Advisory

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries, through a stored injection. With carefully crafted input it is possible to break out of the length limitation. The attacker could use this to extract information from the database, or modify data. This issue has been patched in versions 0.7.7, 0.8.10, 0.9.8, 1.0.4, and 2.0.0.

AnalysisAI

SQL injection in the Nextcloud Tables app allows authenticated users with access to the Tables feature to execute arbitrary SQL queries against the backend database via a stored injection vector. Although a 20-byte length limit is imposed on the injected payload, carefully crafted input can break out of this restriction, enabling data extraction and modification. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain authenticated Nextcloud account
Delivery
Gain access to Tables app
Exploit
Submit crafted column/filter payload
Install
Bypass 20-byte length limit
C2
Stored input reaches SQL builder
Execute
Arbitrary SQL executes on database
Impact
Exfiltrate or modify Nextcloud data

Vulnerability AssessmentAI

Exploitation The attacker must hold a valid authenticated Nextcloud account (PR:L) that has been granted access to the Tables app and at least one table or view where column/filter input can be supplied - this is the explicit prerequisite stated in the advisory ('an authenticated attacker with access to the Tables app'). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 8.2 reflects network attack vector (AV:N), high attack complexity (AC:H, consistent with the need to craft input that escapes a 20-byte length cap), low privileges (PR:L, an authenticated Nextcloud user with Tables access), no user interaction, changed scope (S:C - the Tables app boundary into the shared Nextcloud database), and high confidentiality and integrity impact with no availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained a low-privileged Nextcloud account (via phishing, credential reuse, or as a legitimate but malicious internal user) and is permitted to use the Tables app submits a crafted column or filter parameter via the Tables REST API. The payload is designed to break out of the 20-byte length cap and is stored, so when the application later assembles SQL using the value, attacker-controlled SQL executes against the Nextcloud database, allowing exfiltration of other users' data or unauthorized modification of records. …
Remediation Upgrade the Nextcloud Tables app to a vendor-released patched version: 0.7.7, 0.8.10, 0.9.8, 1.0.4, or 2.0.0, as confirmed in advisory GHSA-x43f-gmgh-vvjj (https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x43f-gmgh-vvjj) with the corresponding upstream fix in pull request https://github.com/nextcloud/tables/pull/2309. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 HOURS: Identify all users with Nextcloud Tables feature access and review their privilege levels; assess data sensitivity in affected databases. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-52782 CRITICAL
9.9 Jun 26

Cross-project folder hijacking in OpenProject before 17.3.3 and 17.4.1 lets a project-admin abuse an insecure direct obj

CVE-2025-66208 CRITICAL
9.8 Dec 03

Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing

CVE-2025-66550 MEDIUM POC
5.7 Dec 05

A security vulnerability in Nextcloud Calendar (CVSS 5.7). Risk factors: public PoC available. Vendor patch is available

CVE-2019-25368 MEDIUM POC
5.4 Feb 15

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attacker

CVE-2026-28474 CRITICAL
9.3 Mar 05

Authentication bypass in OpenClaw's Nextcloud Talk plugin versions ≤2026.2.2 allows remote unauthenticated attackers to

CVE-2026-45281 HIGH
8.1 Jun 01

Improper authorization in the Nextcloud Server CalDAV backend allows an authenticated user who knows another user's prin

CVE-2026-45156 HIGH
8.1 Jun 01

Authentication bypass in Nextcloud's User OIDC app (versions 0.3.0-3.0.x, 5.0.0-5.0.x, and 6.0.0-6.3.x) allows a malicio

CVE-2025-66554 LOW POC
3.5 Dec 05

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5

CVE-2026-45722 HIGH
7.1 Jun 01

Blind SQL injection in the Nextcloud Tables app affects versions 0.9.0 through 0.9.6 and 1.0.0 through 1.0.1, allowing a

CVE-2026-45810 MEDIUM
6.8 Jun 01

Comment authorization bypass in Nextcloud Server 31.x and 32.x allows authenticated low-privilege users to read all file

CVE-2026-45282 MEDIUM
6.5 Jun 01

Nextcloud Server's link share attachment access bypasses password protection and download restrictions for authenticated

CVE-2026-45275 MEDIUM
6.5 Jun 01

Privilege escalation in the Nextcloud Approval app (prior to version 2.7.2) allows authenticated users who lack sharing

Share

EUVD-2026-33715 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy