CVE-2021-41181 LOW

CVE-2021-41181: Nextcloud Talk app exposes chat messages on lockscreen

Vendor Nextcloud
Product security-advisories
Weakness CWE-200 · Info exposure
Published March 8, 2022
Last update April 23, 2025

CVSS base score

2.4/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Nextcloud Talk is a self-hosted messaging service. In versions prior to 12.3.0, the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone and the victim received a phone call, the attacker could gain access to the user's chat messages and files. Upgrading the Nextcloud Android Talk app to 12.3.0 is recommended. There are no known workarounds.

Key dates

02 Disclosure timeline

March 8, 2022 CVE published
April 23, 2025 Record updated