CVE-2021-32707 | Bypass of image blocking in Nextcloud Mail
Exp
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist.
Conclusion & alert: CVE-2021-32707 is rated Exploit Available (54.9/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.15%).Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB).Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Public exploit references (Exploit-DB) for CVE-2021-32707
Exploit prediction scoring system (EPSS) score for CVE-2021-32707
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).