Bug 2483835 (CVE-2026-45279)

Summary: CVE-2026-45279 nextcloud-server: Nextcloud Server: Path traversal vulnerability allows unauthorized file copying
Product: [Other] Security Response Reporter: Jon Moroney <jmoroney>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in Nextcloud Server. This vulnerability allows non-admin users to perform a path traversal when the `{lang}` variable is used in the template directory configuration. An attacker can exploit this to copy arbitrary files, subject to existing Unix permissions, into their own Nextcloud directory. This could lead to unauthorized file access and potential information disclosure.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2483845, 2483850    
Bug Blocks:    

Description Jon Moroney 2026-06-01 21:46:17 UTC
HASH(0x55c1f34617e0)