CVE-2026-45544: Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService
Published Jun 1, 2026
·Updated
Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0.
Affected Software
2 affected components
Nextcloud Nextcloud Tables>=0.8.0<1.0.4
Nextcloud Tables Nextcloud>=0.8.0<1.0.4
Remediation
Patch Available
Event History
Jun 1, 2026
CVE Published
via MITRE·05:03 PM
Data Sourced
via MITRE·05:03 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·07:16 PM
RemedyDescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-45544?
The severity of CVE-2026-45544 is rated as medium with a score of 4.3.
2
How do I fix CVE-2026-45544?
To fix CVE-2026-45544, upgrade Nextcloud to version 1.0.4 or later.
3
What type of vulnerability is CVE-2026-45544?
CVE-2026-45544 is an information disclosure vulnerability due to broken sensitive data masking.
4
What versions of Nextcloud are affected by CVE-2026-45544?
CVE-2026-45544 affects Nextcloud versions from 0.8.0 to before 1.0.4.
5
What kind of data is exposed in CVE-2026-45544?
CVE-2026-45544 exposes view filter criteria to users with read-only permissions.