CVE-2025-66556 – Nextcloud talk allows participants to blindly delete poll drafts of other users by ID

CVE ID : CVE-2025-66556

Published : Dec. 5, 2025, 6:15 p.m. | 49 minutes ago

Description : Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…