Nextcloud Talk Poll Draft Deletion Vulnerability

Vulnerability

A vulnerability in Nextcloud Talk versions from 20.0.0 up to, but not including, 20.1.8 and from 21.0.0 up to, but not including, 21.1.2 allows participants with chat permissions to delete poll drafts of other users within the same conversation. The deletion is possible by referencing the numeric ID of the poll draft. The issue has been resolved in versions 20.1.8 and 21.1.2.
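The gap described above is a missing object-level authorization check. The following added example is not Nextcloud Talk's code: it models the flawed and the checked delete path in Python with hypothetical names (`PollDraft`, `Participant`, `DraftStore`) and assumes the corrected rule is that only a draft's author may delete it.

```python
from dataclasses import dataclass

# Hypothetical model for illustration; none of these names come from Nextcloud Talk.
@dataclass(frozen=True)
class PollDraft:
    draft_id: int     # numeric ID of the draft
    room_token: str   # conversation the draft belongs to
    author_id: str    # participant who created the draft

@dataclass(frozen=True)
class Participant:
    actor_id: str
    room_token: str
    can_chat: bool

class DraftStore:
    def __init__(self, drafts):
        self._drafts = {d.draft_id: d for d in drafts}

    def _visible(self, actor, draft_id):
        # Returns the draft if the caller may chat in the draft's conversation.
        draft = self._drafts.get(draft_id)
        if draft and actor.can_chat and draft.room_token == actor.room_token:
            return draft
        return None

    def delete_flawed(self, actor, draft_id):
        # Pattern the advisory describes: chat permission plus a valid ID suffices.
        if self._visible(actor, draft_id) is None:
            return False
        del self._drafts[draft_id]
        return True

    def delete_checked(self, actor, draft_id):
        draft = self._visible(actor, draft_id)
        # Object-level check: the draft must belong to the caller (assumed rule).
        if draft is None or draft.author_id != actor.actor_id:
            return False
        del self._drafts[draft_id]
        return True

def demo():
    # Constructed sample data: two participants in one conversation.
    alice = Participant("alice", "room1", True)
    bob = Participant("bob", "room1", True)
    flawed = DraftStore([PollDraft(7, "room1", "alice")])
    checked = DraftStore([PollDraft(7, "room1", "alice")])
    return {"flawed_bob": flawed.delete_flawed(bob, 7),
            "checked_bob": checked.delete_checked(bob, 7),
            "checked_alice": checked.delete_checked(alice, 7)}
```

A regression test for this class of bug should always include the second case: a permitted participant acting on another participant's object.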

Impact

The vulnerability allows for unauthorized deletion of poll drafts, potentially disrupting ongoing discussions or poll activities.

Reproduction

To reproduce this vulnerability, a user with chat permissions can delete a poll draft belonging to another participant by using the numeric ID of the draft. This can be done within a conversation in Nextcloud Talk.

Remediation

Users are advised to update the Nextcloud Talk app to version 20.1.8 or 21.1.2.

Added: Dec 5, 2025, 6:21 PM
Updated: Dec 5, 2025, 6:21 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 0.6
exploitability: 6.4
remediation: 7.7
relevance: 1.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.