Skip to content

Nextcloud Data Breach: Customer Scripts and Invoices Accessible via Public Directories

Bottom line: A Nextcloud security vulnerability exposed customer-specific scripts and business documents through publicly accessible directories.

A security flaw in Nextcloud enabled unauthorized access to internal corporate data as well as customer-specific scripts and invoices. The leak was caused by insufficiently protected directories in the web interface.

During a security audit, a vulnerability was discovered in the Nextcloud infrastructure that allowed attackers to access confidential business data. Internal corporate data was visible through publicly accessible web directories, including customer-specific scripts and invoice documents.

For security executives, this incident is relevant as it demonstrates how even established collaboration platforms can be compromised through faulty access controls at the directory level. Particularly problematic is the exposure of customer scripts, which may have contained information about infrastructure, authentication mechanisms, or business processes and could have served as a basis for targeted attacks.

Nextcloud should inform affected parties about which scripts and invoice data were exposed and provide patches promptly. CISOs should verify whether their Nextcloud instances are also affected and conduct an audit of their own directory access configurations.


Source: www.golem.de · Published 8 July 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: