Bug 2483835 (CVE-2026-45279)
| Summary: | CVE-2026-45279 nextcloud-server: Nextcloud Server: Path traversal vulnerability allows unauthorized file copying | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jon Moroney <jmoroney> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Nextcloud Server. This vulnerability allows non-admin users to perform a path traversal when the `{lang}` variable is used in the template directory configuration. An attacker can exploit this to copy arbitrary files, subject to existing Unix permissions, into their own Nextcloud directory. This could lead to unauthorized file access and potential information disclosure.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2483845, 2483850 | ||
| Bug Blocks: | |||
|
Description
Jon Moroney
2026-06-01 21:46:17 UTC
|