Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Server is upgraded to 21.0.9.17, 22.2.10.22, 23.0.12.17, 24.0.12.13, 25.0.13.8, 26.0.13, 27.1.8 or 28.0.4.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 26 Sep 2025 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Nextcloud nextcloud Server
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
Vendors & Products Nextcloud nextcloud Server

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T03:50:56.117Z

Reserved: 2024-06-05T20:10:46.498Z

Link: CVE-2024-37313

cve-icon Vulnrichment

Updated: 2024-06-14T15:52:49.446Z

cve-icon NVD

Status : Analyzed

Published: 2024-06-14T15:15:51.427

Modified: 2025-09-26T23:39:11.987

Link: CVE-2024-37313

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.