CVE-2026-44515 | Nextcloud news up to 28.3.0-beta.0 Web Interface/API server-side request forgery (GHSA-jcfr-rmj6-cpfj)

Inserito da Angelo Barbosa | Mag 14, 2026 | CVE

A vulnerability was found in Nextcloud news up to 28.3.0-beta.0 and classified as critical. This affects an unknown part of the component Web Interface/API. The manipulation results in server-side request forgery.

This vulnerability was named CVE-2026-44515. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-44515 | Nextcloud news up to 28.3.0-beta.0 Web Interface/API server-side request forgery (GHSA-jcfr-rmj6-cpfj)

Post correlati

CVE-2024-23486 | Buffalo WSR-A2533DHP2 cleartext storage

CVE-2024-45082 | IBM Cognos Analytics up to 11.2.4/12.0.3 redirect

CVE-2025-25180 | Imagination Graphics DDK prior 25.1 RTM1 GPU Driver out-of-range pointer offset

CVE-2025-46060 | TOTOLINK N600R 4.3.0cu.7866_B2022506 UPLOAD_FILENAME Component buffer overflow