{"id":"CVE-2022-41926","summary":"Nextcloud Talk Android broadcast incorrect permission handling","details":"Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue.","aliases":["GHSA-564v-3rfc-352m"],"modified":"2026-04-10T04:51:34.159858Z","published":"2022-11-25T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41926.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-200","CWE-732"]},"references":[{"type":"WEB","url":"https://hackerone.com/reports/1596459"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41926.json"},{"type":"ADVISORY","url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-564v-3rfc-352m"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41926"},{"type":"FIX","url":"https://github.com/nextcloud/talk-android/pull/2148"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/talk-android","events":[{"introduced":"0"},{"fixed":"2596bc1ab183f6829df1b8779bf49f5560c1bf51"}]}],"versions":["alpha-","alpha-110000002","alpha-110000004","alpha-110000005","alpha-110000006","alpha-120000002","alpha-120000003","alpha-120000004","alpha-120000005","alpha-120000006","alpha-120000007","alpha-120000008","alpha-120000013","alpha-120000014","alpha-120000015","alpha-120000016","alpha-120020002","alpha-120020003","alpha-120020004","alpha-120020005","alpha-120020006","alpha-120020007","alpha-120030002","alpha-120030003","alpha-120030004","alpha-120030005","alpha-120030006","alpha-120030007","alpha-120030008","alpha-120030009","alpha-120030010","alpha-120030011","alpha-120030012","alpha-120030013","alpha-120030014","alpha-130000002","alpha-130010002","alpha-130010003","alpha-130010004","alpha-130010005","alpha-130010006","alpha-130010007","alpha-130010008","alpha-130010009","alpha-130010010","alpha-130010011","alpha-130010012","alpha-130010013","alpha-130010014","alpha-130010015","alpha-130010016","alpha-130010017","alpha-130010018","alpha-140010002","alpha-140010003","alpha-140010004","alpha-140010005","alpha-140010006","alpha-140010007","alpha-140010008","alpha-140010009","alpha-140010010","v0.1.0","v0.1.1","v0.1.2","v0.2.0","v1.0","v1.0.1","v1.0.10","v1.0.11","v1.0.12","v1.0.13","v1.0.14","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9","v1.1.0","v1.1.0beta1","v1.1.0beta2","v1.1.0beta3","v1.1.0beta4","v1.1.1","v1.2.0beta1","v1.2.0beta2","v1.2.0beta3","v11.0.0","v14.1.0rc1","v14.1.0rc2","v2.0.0","v2.0.0beta4","v2.0.0beta5","v2.1.0","v2.1.0beta1","v2.1.0beta2","v2.1.0beta3","v2.1.0beta4","v2.1.0beta5","v3.0.0","v3.0.0beta1","v3.0.0beta10","v3.0.0beta3","v3.0.0beta4","v3.0.0beta5","v3.0.0beta6","v3.0.0beta7","v3.0.0beta8","v3.0.1","v3.1.0","v3.1.0beta1","v3.1.0beta2","v3.1.0beta3","v3.1.0beta4","v3.1.0beta5","v3.1.0beta6","v3.2.0beta1","v3.2.0beta2","v3.2.0beta3","v3.2.0beta4","v3.2.0beta5","v3.3.0beta1","v3.3.0beta2","v3.3.0beta3","v6.0.0","v6.0.0beta1","v6.0.0beta2","v6.0.0beta3","v6.0.0beta4","v6.0.1","v6.0.2","v6.0.6-internal","v6.0.6internal","v6.0.7beta","v6.1.0","v7.0.0","v7.0.0beta1","v7.0.0beta2","v7.0.0beta3","v7.0.0beta4","v7.0.0beta5","v7.0.1","v7.0.2","v7.0.3","v7.0.4","v7.0.5","v7.0.6","v7.0.7","v7.0.8","v8.0.0","v8.0.0beta1","v8.0.0beta2","v8.0.0beta3","v8.0.0beta4","v8.0.1","v8.0.10","v8.0.2","v8.0.3","v8.0.4","v8.0.5","v8.0.6","v8.0.7","v8.0.8","v8.0.9","v8.1.0","v8.1.0rc1","v8.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41926.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}