Description

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that redirect users to another website when the victim uses the attacker's link to log in via user OIDC. This issue has been patched in version 8.2.2.

PUBLISHED Reserved 2026-05-11 | Published 2026-06-01 | Updated 2026-06-02 | Assigner GitHub_M




LOW: 3.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem types

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Product status

>= 6.1.0, < 8.2.2
affected

References

github.com/...sories/security/advisories/GHSA-8wjr-5cg8-4w73

github.com/nextcloud/user_oidc/pull/1273

hackerone.com/reports/3464925

cve.org (CVE-2026-45278)

nvd.nist.gov (CVE-2026-45278)
