Nextcloud Server/Enterprise: 2FA bypass via WebDAV session token reuse

cve · CVE-2026-45691

Coverage timeline

first 2026-05-15 → last 2026-05-15

Briefs

1 distinct

Sources cited

2 hosts

Sections touched

active_threats

Co-occurring entities

no co-occurrence

Story timeline

2026-05-15CTI Daily Brief — 2026-05-15
active_threatsFirst coverage. CVSS 5.9. Pre-auth 2FA bypass via WebDAV. Affects Nextcloud Server 32.0.0-33.0.2 and Enterprise. High CH/EU public-sector relevance.

Where this entity is cited

active_threats1

Source distribution

github.com1 (50%)
wid.cert-bund.de1 (50%)

External references

NVD · cve.org · CISA KEV

All cited sources (2)

Items in briefs about Nextcloud Server/Enterprise: 2FA bypass via WebDAV session token reuse

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.