Impact
The vulnerability in Nextcloud Tables allows users who have only read-only access to view the criteria of table view filters, revealing sensitive configuration details that should remain hidden. This flaw is categorized as CWE-1230, representing Sensitive Data Exposure. Based on the description, it is inferred that the flaw enables unauthorized individuals to gather contextual information about the structure and filter logic of stored data.
Affected Systems
The affected product is Nextcloud Tables from version 0.8.0 up to, but not including, 1.0.4. Administrators should immediately check whether their installed Tables version falls in this range; later releases such as 1.0.4 and 2.0.0 contain the fix.
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity. There is no EPSS data or KEV listing; based on the description, it is inferred that this absence suggests limited exploitation activity and a low to moderate likelihood of exploitation in the wild. Because the disclosure requires legitimate read-only access to a Nextcloud instance, it is inferred that the threat is most pronounced in environments with large numbers of read-only users, or where sensitive column names, filter logic or other configuration data could provide insight to attackers. Mitigation through patching or permission hardening is recommended.
OpenCVE Enrichment