Fedora 43 Nextcloud 33.0.3 Security Advisory 2026-6599e30e04 Critical RCE

fedora

May 11, 2026

33.0.3 Release

Summary

NextCloud gives you universal access to your files through a web interface or

WebDAV. It also provides a platform to easily view & sync your contacts,

calendars and bookmarks across all your devices and enables basic editing right

on the web. NextCloud is extendable via a simple but powerful API for

applications and plugins.

Update Information:

33.0.3 Release

Topics Covered

security advisory denial of service fedora XSS remote code execution nextcloud

Change Log

* Sat May 2 2026 Andrew Bauer - 33.0.3-1 - 33.0.3 Release RHBZ#2454311 * Sat Apr 18 2026 Andrew Bauer - 33.0.1-2 - fix cli upgrade advice

References

[ 1 ] Bug #2452582 - CVE-2026-33916 nextcloud: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452582 [ 2 ] Bug #2452588 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452588 [ 3 ] Bug #2452590 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452590 [ 4 ] Bug #2452593 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452593 [ 5 ] Bug #2452596 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6599e30e04' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity

critical

Lowest

Low

Medium

High

Critical

Name: nextcloud

Product: Fedora 43

Version: 33.0.3

Release: 1.fc43

URL: http://nextcloud.com

Summary: Private file sync and share server

Topics Covered

security advisory denial of service fedora XSS remote code execution nextcloud

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 43 Nextcloud 33.0.3 Security Advisory 2026-6599e30e04 Critical RCE

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 43 Nextcloud 33.0.3 Security Advisory 2026-6599e30e04 Critical RCE

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!