CVE-2026-45266

Summary

Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and 23.0.3.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories< 21.1.10affected
nextcloudsecurity-advisories< 22.0.11affected
nextcloudsecurity-advisories< 23.0.3affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References