CVE-2026-45266: CWE-284: Improper Access Control in nextcloud security-advisories
Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and 23.0.3.
AI Analysis
Technical Summary
Nextcloud's security-advisories component contained an improper access control vulnerability (CWE-284) identified as CVE-2026-45266. Before versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user could mute other users' microphones in calls when the High-performance Backend was not installed. This behavior could impact user experience by allowing unauthorized interference with call audio. The vulnerability has been patched in the stated versions.
Potential Impact
The vulnerability allows a low-privileged user to interfere with other users' call audio by muting their microphones without proper authorization. There is no impact on confidentiality or availability, and no known exploitation in the wild has been reported. The overall impact is limited to integrity of call audio controls.
Mitigation Recommendations
Upgrade Nextcloud to version 21.1.10, 22.0.11, or 23.0.3 or later to apply the official fix for this vulnerability. Since the vendor advisory confirms the issue is patched in these versions, no additional mitigation steps are required.
CVE-2026-45266: CWE-284: Improper Access Control in nextcloud security-advisories
Description
Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and 23.0.3.
CVSS v3.1
Score 3.5low
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Nextcloud's security-advisories component contained an improper access control vulnerability (CWE-284) identified as CVE-2026-45266. Before versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user could mute other users' microphones in calls when the High-performance Backend was not installed. This behavior could impact user experience by allowing unauthorized interference with call audio. The vulnerability has been patched in the stated versions.
Potential Impact
The vulnerability allows a low-privileged user to interfere with other users' call audio by muting their microphones without proper authorization. There is no impact on confidentiality or availability, and no known exploitation in the wild has been reported. The overall impact is limited to integrity of call audio controls.
Mitigation Recommendations
Upgrade Nextcloud to version 21.1.10, 22.0.11, or 23.0.3 or later to apply the official fix for this vulnerability. Since the vendor advisory confirms the issue is patched in these versions, no additional mitigation steps are required.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-11T18:41:13.156Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1dbba7e29bf47b501c580a
Added to database: 6/1/2026, 5:04:39 PM
Last enriched: 6/1/2026, 5:20:07 PM
Last updated: 6/2/2026, 5:03:36 AM
Views: 12
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.