CVE-2026-45544
Exposed View Filter Criteria in Nextcloud Tables
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nextcloud | tables | From 0.8.0 (inc) to 1.0.4 (exc) |
| nextcloud | tables | 1.0.4 |
| nextcloud | tables | 2.0.0 |
| nextcloud | nextcloud | From 0.8.0 (inc) to 1.0.4 (exc) |
| nextcloud | nextcloud | 1.0.4 |
| nextcloud | nextcloud | 2.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1230 | The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-45544 is an information disclosure vulnerability in the Nextcloud Tables app. It occurs because the view filter criteria, which should be hidden, are exposed to users who only have read-only permissions. This means that sensitive metadata related to view filters can be accessed by unauthorized users.
The issue affects versions of the Tables app from 0.8.0 up to, but not including, 1.0.4 and 2.0.0, the releases in which it has been patched.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive information through metadata exposure. Users with only read-only access can view filter criteria that should be hidden, potentially revealing internal data structures or sensitive filtering logic.
While it does not allow modification or deletion of data, the exposure of sensitive metadata could aid attackers in understanding the system better or in planning further attacks.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to upgrade the Nextcloud Tables app to version 1.0.4 or 2.0.0, where the issue has been patched.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability involves information disclosure where users with read-only permissions can access view filter metadata that should be hidden. Exposure of sensitive information, even metadata, can potentially impact compliance with data protection regulations such as GDPR and HIPAA, which require protection of sensitive data and minimization of unauthorized data access.
However, the provided information does not explicitly describe the direct impact on compliance with these standards or any regulatory consequences.