GHSA-vf5j-r2hw-2hrw: OpenCloud Affected by Public Link Exploit

February 5, 2026

A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link.

OpenCloud uses Reva as one of its core components and thus it is affected.

References

github.com/advisories/GHSA-vf5j-r2hw-2hrw
github.com/opencloud-eu/opencloud
github.com/opencloud-eu/opencloud/security/advisories/GHSA-vf5j-r2hw-2hrw

Code Behaviors & Features

Detect and mitigate GHSA-vf5j-r2hw-2hrw with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →