A vulnerability was found in Nextcloud news up to 28.3.0-beta.0 and classified as critical . This affects an unknown part of the component Web Interface/API . The manipulation results in server-side request forgery. This vulnerability was named CVE-2026-44515 . The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.