Primary

Context

Nextcloud Server and Enterprise Temporary File Exposure Vulnerability

Vulnerability

Patched

A vulnerability exists in Nextcloud Server versions 32.0.0 prior to 32.0.9 and 33.0.0 prior to 33.0.3, as well as in Nextcloud Enterprise Server versions 26.0.0, 27.0.0, 28.0.0, 29.0.0, 30.0.0, 31.0.0, 32.0.0, and 33.0.0. When a malicious user has access to a file share, they can use the share token to access chunked uploads directly, revealing temporary part files of ongoing uploads.

Impact

Exploitation allows access to intermediate upload files of the share owner, potentially leading to unauthorized data exposure.

Remediation

Users are advised to upgrade Nextcloud Server to version 32.0.9 or 33.0.3. Nextcloud Enterprise Server users should upgrade to versions 26.0.13.26, 27.1.11.25, 28.0.14.17, 29.0.16.16, 30.0.17.9, 31.0.14.5, 32.0.9 or 33.0.3.

Added: Jun 1, 2026, 5:26 PM

Updated: Jun 1, 2026, 5:26 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

0.6

exploitability

5.0

remediation

7.7

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

0.6

exploitability

5.0

remediation

7.7

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nextcloud Server and Enterprise Temporary File Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Nextcloud

Nextcloud Enterprise Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating