โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2026-45156
CVE-2026-45156 - Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC
๐Ÿ“… 2026-06-01 20:17:09
๐Ÿ”ด Critical ๐Ÿ”ฅ No MITRE CVE High Vulnerability Vulnerability

๐Ÿ“‹ ุงู„ูˆุตู ุงู„ูƒุงู…ู„

CVE ID :CVE-2026-45156 Published : June 1, 2026, 5:17 p.m. | 1ย hour, 8ย minutes ago Description :Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowed a malicious ID4me authority to identify as any user. This issue has been patched in vers

๐Ÿ’ป ุงู„ุฃู†ุธู…ุฉ ุงู„ู…ุชุฃุซุฑุฉ

Nextcloud: Authentication Bypass

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

Vulnerability

๐Ÿ”— CVE ID

CVE-2026-45156

๐Ÿ“ก ุงู„ู…ุตุฏุฑ

MITRE CVE High

โœ… ุงู„ุญู„ูˆู„ ูˆุงู„ุชุฎููŠู

Update to v0.3.0

๐Ÿ”— ุงู„ู…ุตุฏุฑ ุงู„ุฃุตู„ูŠ โ† ๐Ÿ“˜ NVD โ† โšก CISA KEV โ†