Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Server is upgraded to 21.0.9.17, 22.2.10.22, 23.0.12.17, 24.0.12.13, 25.0.13.8, 26.0.13, 27.1.8 or 28.0.4.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 26 Sep 2025 23:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nextcloud nextcloud Server
|
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:* cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* |
|
Vendors & Products |
Nextcloud nextcloud Server
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T03:50:56.117Z
Reserved: 2024-06-05T20:10:46.498Z
Link: CVE-2024-37313

Updated: 2024-06-14T15:52:49.446Z

Status : Analyzed
Published: 2024-06-14T15:15:51.427
Modified: 2025-09-26T23:39:11.987
Link: CVE-2024-37313

No data.

No data.