Primary

Context

Nextcloud Approval Workflow Association Disclosure Vulnerability

Vulnerability

Patched

A vulnerability exists in the Nextcloud Approval app, affecting versions prior to 2.7.2. Authenticated users can determine if specific files are linked to particular approval workflows, allowing them to request approval for those files. This issue has been addressed in version 2.7.2.

Impact

Exploitation of this vulnerability allows authenticated users to access information about workflow associations of arbitrary files, potentially leading to unauthorized approval requests.

Remediation

Users are advised to upgrade the Nextcloud Approval app to version 2.7.2. Alternatively, the Approval app can be disabled.

Added: Jun 1, 2026, 8:19 PM

Updated: Jun 1, 2026, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nextcloud Approval Workflow Association Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Nextcloud Approval

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating