CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-45284

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.6%

CVSS Severity

CVSS v3 Score 4.6

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-79xf-ffj8-96fm
https://github.com/nextcloud/user_oidc/pull/1340
https://hackerone.com/reports/3554696

Products affected by CVE-2026-45284

Nextcloud » User Oidc » Version: 5.0.0

cpe:2.3:a:nextcloud:user_oidc:5.0.0
Nextcloud » User Oidc » Version: 6.0.0

cpe:2.3:a:nextcloud:user_oidc:6.0.0
Nextcloud » User Oidc » Version: 6.1.0

cpe:2.3:a:nextcloud:user_oidc:6.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-45284

Products

Pricing

Contact Us