CVE-2026-45277
Authenticated File Existence Check in Nextcloud Workflow
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nextcloud | approval | < 2.7.2 (2.7.2 excluded) |
| nextcloud | approval | 2.7.2 |
| nextcloud | approval | 3.0.0 |
| nextcloud | nextcloud | < 2.7.2 (2.7.2 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can lead to information disclosure where authenticated users with low privileges can determine if arbitrary files are linked to approval workflows. While it does not allow modification or deletion of files, it exposes potentially sensitive workflow association information.
The impact is rated as low severity with a CVSS score of 3.3, requiring local access and low privileges, and no user interaction. However, unauthorized disclosure of workflow associations could aid attackers in understanding internal processes or targeting specific files.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the Nextcloud Approval app versions prior to 2.7.2, where authenticated users can check whether arbitrary files are associated with approval workflows. Detection involves verifying the installed version of the Approval app and monitoring for suspicious use of the `fileId` parameter in requests to its endpoints.
Specifically, you can check the installed version of the Nextcloud Approval app to see if it is older than 2.7.2.
- Use Nextcloud's occ command line tool to list app versions: `sudo -u www-data php occ app:list` and look for the Approval app version.
- Monitor web server logs for requests containing the `fileId` parameter to the Approval app endpoints, which might indicate attempts to exploit the vulnerability.
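As an added detection example (not part of this record or of the Nextcloud project), the following Python helper applies both checks above: it reads the Approval version out of `occ app:list` output and flags access-log entries that hit Approval routes with a `fileId` parameter, counting distinct file IDs per user. The `occ` output layout, the `/apps/approval/` path prefix, the route name in the log lines and the log lines themselves are constructed assumptions, not captured data.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

FIXED_VERSION = (2, 7, 2)  # Approval app release carrying the fix, per the advisory

# Constructed sample of `occ app:list` output; versions are made up for the demo.
OCC_APP_LIST = """Enabled:
  - activity: 2.20.0
  - approval: 2.7.1
"""

# Constructed combined-format access log lines. "example-route" after
# /apps/approval/ is a placeholder, not the app's real endpoint name.
ACCESS_LOG = """10.0.0.5 - alice [01/Jun/2026:10:00:01 +0000] "GET /index.php/apps/approval/example-route?fileId=4242 HTTP/1.1" 200 87
10.0.0.5 - alice [01/Jun/2026:10:00:02 +0000] "GET /index.php/apps/approval/example-route?fileId=4243 HTTP/1.1" 200 87
10.0.0.5 - alice [01/Jun/2026:10:00:03 +0000] "GET /index.php/apps/approval/example-route?fileId=4244 HTTP/1.1" 200 87
10.0.0.9 - bob [01/Jun/2026:10:01:00 +0000] "GET /index.php/apps/files/?dir=/ HTTP/1.1" 200 512
"""

APP_LINE = re.compile(r"^\s*-\s*(?P<app>[\w-]+):\s*(?P<version>\S+)", re.M)
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')

def parse_app_versions(occ_output: str) -> dict:
    """Map app id -> version string from `occ app:list` output (assumed layout)."""
    return {m["app"]: m["version"] for m in APP_LINE.finditer(occ_output)}

def approval_needs_upgrade(occ_output: str) -> bool:
    """True when the Approval app is installed at a version below the fixed release."""
    version = parse_app_versions(occ_output).get("approval")
    if version is None:
        return False  # app not installed, nothing to upgrade
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts < FIXED_VERSION  # numeric compare, so 2.7.10 is not below 2.7.2

def approval_fileid_requests(log_text: str) -> list:
    """(ip, user, fileId) for requests to Approval routes that carry a fileId parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if "/apps/approval/" not in url.path:
            continue
        for fid in parse_qs(url.query).get("fileId", []):
            hits.append((m["ip"], m["user"], fid))
    return hits

def users_probing_many_files(log_text: str, threshold: int = 3) -> dict:
    """Users that queried at least `threshold` distinct fileIds; high counts suggest enumeration."""
    seen = defaultdict(set)
    for _ip, user, fid in approval_fileid_requests(log_text):
        seen[user].add(fid)
    return {u: len(ids) for u, ids in seen.items() if len(ids) >= threshold}
```

Feed it the real `occ app:list` output and your web server's access log; the threshold is a starting point to tune against normal Approval usage in your deployment.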
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the Nextcloud Approval app to version 2.7.2 or later, where the vulnerability has been patched.
If upgrading immediately is not possible, the only other option is to disable the Approval app entirely to prevent exploitation.
Since the vulnerability requires authenticated access with low privileges and no user interaction, limiting user access and monitoring for suspicious activity can also help reduce risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated users to check if arbitrary files are associated with specific approval workflows, potentially disclosing information about workflow associations to unauthorized users.
While the impact is rated as low and the disclosure is limited to workflow associations rather than the file contents themselves, such information disclosure could have implications for compliance with data protection regulations like GDPR or HIPAA if it leads to unauthorized exposure of sensitive process-related metadata.
However, the provided information does not explicitly state any direct compliance violations or regulatory impacts caused by this vulnerability.
Can you explain this vulnerability to me?
CVE-2026-45277 is a vulnerability in the Nextcloud Approval app affecting versions prior to 2.7.2. It allows authenticated users to check if arbitrary files are associated with specific approval workflows where they can request approval. This means that users with low privileges can gain information about workflow associations of files they might not otherwise have access to.
The issue arises from insufficient access permission checks on the `fileId` parameter, which was addressed by an improved permission check introduced in a code update merged in early 2026.