Nextcloud Forms Unauthorized File Access Vulnerability for Removed Collaborators

Vulnerability

A vulnerability in the Nextcloud Forms application, affecting versions from 4.3.0 up to but not including 5.2.7, allows removed collaborators to retain unauthorized read access to respondent files uploaded to forms whose results they could previously access. The issue arises because file shares are not properly revoked when a collaborator is removed, leaving a gap in file access control.

Impact

The vulnerability could lead to unauthorized access to sensitive respondent files, potentially exposing private information.

Remediation

Users are advised to upgrade the Nextcloud Forms app to version 5.2.7. Alternatively, the Forms app can be disabled.
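
The sketch below is an added example, not code from Nextcloud or from this advisory: it checks an installed Forms version against the affected range stated above and flags file shares whose recipient is no longer a collaborator on the form. The record layout (form_id, path, share_with), the function names and the sample data are assumptions constructed for illustration.

```python
import re

AFFECTED_FROM = (4, 3, 0)  # first affected version, per the advisory
FIXED_IN = (5, 2, 7)       # first fixed version, per the advisory


def parse_version(text):
    """Turn '5.2.6' into (5, 2, 6). Missing parts count as 0; suffixes are ignored."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(p or 0) for p in m.groups())


def is_affected(version):
    """True when AFFECTED_FROM <= version < FIXED_IN."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def stale_shares(shares, collaborators):
    """Return shares whose recipient has no current results access on that form.

    shares:        list of dicts with 'form_id', 'path', 'share_with' (assumed layout)
    collaborators: dict mapping form_id -> set of user ids with results access now
    """
    stale = []
    for share in shares:
        allowed = collaborators.get(share["form_id"], set())
        if share["share_with"] not in allowed:
            stale.append(share)
    return stale


# Constructed sample data: 'dave' was removed from form 12,
# and form 14 no longer has any collaborators.
SAMPLE_COLLABORATORS = {12: {"alice"}, 13: {"bob", "carol"}}
SAMPLE_SHARES = [
    {"form_id": 12, "path": "/Forms/12/cv.pdf", "share_with": "alice"},
    {"form_id": 12, "path": "/Forms/12/cv.pdf", "share_with": "dave"},
    {"form_id": 13, "path": "/Forms/13/id.png", "share_with": "bob"},
    {"form_id": 14, "path": "/Forms/14/scan.pdf", "share_with": "erin"},
]

if __name__ == "__main__":
    for v in ("4.2.9", "4.3.0", "5.2.6", "5.2.7"):
        print(v, "affected" if is_affected(v) else "not affected")
    for s in stale_shares(SAMPLE_SHARES, SAMPLE_COLLABORATORS):
        print("review/revoke:", s["share_with"], "->", s["path"])
```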

Added: Jun 1, 2026, 8:09 PM
Updated: Jun 1, 2026, 8:09 PM

Vulnerability Rating

Custom Algorithm
spread: 6.2
impact: 1.3
exploitability: 5.2
remediation: 8.3
relevance: 9.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.