โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2026-45281
CVE-2026-45281 - Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update
๐Ÿ“… 2026-06-01 22:16:50
๐Ÿ”ด Critical ๐Ÿ”ฅ No MITRE CVE High Exploit Vulnerability

๐Ÿ“‹ ุงู„ูˆุตู ุงู„ูƒุงู…ู„

CVE ID :CVE-2026-45281 Published : June 1, 2026, 7:16 p.m. | 1ย hour, 8ย minutes ago Description :Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other usersโ€™ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore

๐Ÿ’ป ุงู„ุฃู†ุธู…ุฉ ุงู„ู…ุชุฃุซุฑุฉ

Nextcloud: Cross-Account Calendar

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

Exploit

๐Ÿ”— CVE ID

CVE-2026-45281

๐Ÿ“ก ุงู„ู…ุตุฏุฑ

MITRE CVE High

โœ… ุงู„ุญู„ูˆู„ ูˆุงู„ุชุฎููŠู

Update to v32.0.0

๐Ÿ”— ุงู„ู…ุตุฏุฑ ุงู„ุฃุตู„ูŠ โ† ๐Ÿ“˜ NVD โ† โšก CISA KEV โ†