MEDIUM🇵🇱 Wersja polska

CVE-2026-45286

CVSS 4.3v3.1pub. 2026-06-01upd. 2026-06-03

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied to other endpoints, were not effective here. This issue has been patched in versions 5.5.17 and 6.2.3.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Nextcloud Calendar

    APP
    Nextcloud
    5.5.13 – 5.5.17 (bez)6.2.0 – 6.2.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-66550MEDIUM5.7ten sam produkt

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a...

CVE-2025-66511MEDIUM4.8ten sam produkt

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tok...

CVE-2024-37316MEDIUM4.6ten sam produkt

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated...

CVE-2023-45150MEDIUM4.3ten sam produkt

Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the...

CVE-2022-24838MEDIUM5.3ten sam produkt

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointmen...