Nextcloud End-to-End Encryption Files Drop Vulnerability Allowing Unauthorized File Access

Vulnerability

A vulnerability exists in Nextcloud's End-to-End Encryption feature, in versions from 1.15.0 before 1.15.4, from 1.16.0 before 1.16.3, from 1.17.0 before 1.17.1, and from 1.18.0 before 1.18.1. It allows a malicious user with access to an encrypted files drop link to drop files into other encrypted folders belonging to the share owner. It does not permit reading or modifying other files.

Impact

Exploitation of this vulnerability allows for unauthorized file drops into encrypted folders of the share owner, potentially leading to confusion or misuse of shared files.

Remediation

Users are advised to update the Nextcloud End-to-End Encryption app to version 1.15.4, 1.16.3, 1.17.1, 1.18.1, or 2.0.0-rc.7.
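
A version check for auditing installed copies of the app against the ranges above, as an added example that is not Nextcloud's own code. The host names and inventory are constructed. It assumes that 2.0.0 release candidates older than rc.7 predate the fix and that releases after 2.0.0-rc.7 carry it; versions the advisory does not mention are reported as "not listed".

```python
import re

# Affected range per branch, as listed in the advisory: (first affected, first fixed).
AFFECTED = [("1.15.0", "1.15.4"), ("1.16.0", "1.16.3"),
            ("1.17.0", "1.17.1"), ("1.18.0", "1.18.1")]
RC_FIXED = "2.0.0-rc.7"  # fixed pre-release named in the advisory

def parse(version):
    """Turn 'X.Y.Z' or 'X.Y.Z-rc.N' into a tuple that sorts in release order."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-rc\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch, rc = m.groups()
    # A final release sorts after every release candidate of the same X.Y.Z.
    pre = (0, int(rc)) if rc is not None else (1, 0)
    return (int(major), int(minor), int(patch)) + pre

def classify(version):
    """Return (status, version_to_update_to_or_None) for an installed version."""
    v = parse(version)
    for first, fixed in AFFECTED:
        lo, hi = parse(first), parse(fixed)
        if lo <= v < hi:
            return ("affected", fixed)
        if v[:2] == hi[:2] and v >= hi:  # same branch, at or past the fix
            return ("fixed", None)
    # Assumption: 2.0.0 release candidates before rc.7 do not contain the fix.
    if v[:3] == (2, 0, 0) and v < parse(RC_FIXED):
        return ("affected", RC_FIXED)
    # Assumption: releases after 2.0.0-rc.7 keep the fix.
    if v >= parse(RC_FIXED):
        return ("fixed", None)
    return ("not listed", None)  # the advisory makes no statement

def audit(inventory):
    """Map each host running an affected version to the release it should move to."""
    return {host: fixed for host, ver in inventory.items()
            for status, fixed in [classify(ver)] if status == "affected"}

# Constructed inventory: host name -> installed app version.
SAMPLE = {"cloud-a": "1.15.3", "cloud-b": "1.16.3",
          "cloud-c": "2.0.0-rc.3", "cloud-d": "1.14.2"}

if __name__ == "__main__":
    for host, target in audit(SAMPLE).items():
        print(f"{host}: update to {target}")
```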

Added: Jun 1, 2026, 5:25 PM
Updated: Jun 1, 2026, 5:25 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 9.7
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.