Primary

Context

Nextcloud Forms Missing Permissions Check Vulnerability Allowing Unauthorized Access to Form Submissions

Vulnerability

Patched

A vulnerability in Nextcloud Forms prior to version 5.2.6 allows users to access form submissions of other users due to a missing permissions check. This issue has been addressed in version 5.2.6.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive form submission data from other users.

Remediation

Users are advised to upgrade Nextcloud Forms to version 5.2.6. If an immediate upgrade is not possible, the Forms app can be disabled as a temporary measure.

Added: Jun 1, 2026, 5:21 PM

Updated: Jun 1, 2026, 5:21 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

0.6

exploitability

5.9

remediation

8.3

relevance

9.7

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

0.6

exploitability

5.9

remediation

8.3

relevance

9.7

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nextcloud Forms Missing Permissions Check Vulnerability Allowing Unauthorized Access to Form Submissions

Vulnerability

Impact

Remediation

Affected Products

Nextcloud Forms

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating