{"id":56441,"date":"2022-09-07T09:51:07","date_gmt":"2022-09-07T07:51:07","guid":{"rendered":"https:\/\/nextcloud.com\/?page_id=56441"},"modified":"2026-02-02T08:19:26","modified_gmt":"2026-02-02T07:19:26","slug":"threat-model","status":"publish","type":"page","link":"https:\/\/nextcloud.com\/es\/security\/threat-model\/","title":{"rendered":"Threat model"},"content":{"rendered":"

[vc_section el_class=\u00bbtitlebar about_us nc-section-gradient-bg\u00bb][vc_row content_placement=\u00bbmiddle\u00bb][vc_column width=\u00bb2\/3″ css=\u00bb.vc_custom_1670934972957{padding-top: 2rem !important;}\u00bb][vc_column_text css=\u00bb\u00bb el_class=\u00bbpage-title centerMobile\u00bb]<\/p>\n

Threat model & accepted risks<\/h1>\n

[\/vc_column_text][vc_column_text css=\u00bb.vc_custom_1728289511316{margin-bottom: 0px !important;}\u00bb el_class=\u00bbpage-subtitle centerMobile\u00bb]This page is constantly evolving. So check back over time to see new additions. [\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/3″][\/vc_column][\/vc_row][\/vc_section][vc_section el_class=\u00bbnc_default_section\u00bb][vc_row equal_height=\u00bbyes\u00bb css=\u00bb.vc_custom_1662476609904{margin-bottom: 2rem !important;}\u00bb][vc_column][vc_column_text css=\u00bb.vc_custom_1665128736737{margin-bottom: 2rem !important;}\u00bb]<\/p>\n

Security overview<\/a>\u00a0\u00a0|\u00a0\u00a0Security Advisories<\/a><\/div>\n

[\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/2″ el_id=\u00bbadmin_privileges\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744493340{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb342816″][vc_column_text]<\/p>\n

Administrator privileges<\/h4>\n

[\/vc_column_text][vc_column_text]<\/p>\n

We consider Nextcloud administrators ultimately trusted. It is for example expected behavior that a Nextcloud administrator can execute arbitrary code.<\/p>\n

[\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/2″ el_id=\u00bbdos\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744503484{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb343457″][vc_column_text css=\u00bb\u00bb]<\/p>\n

Denial of Service<\/h4>\n

[\/vc_column_text][vc_column_text]<\/p>\n

Due to the usage of the PHP scripting language we do consider Denial of Service not something that can at the moment be completely prevented.<\/p>\n

[\/vc_column_text][\/vc_column][\/vc_row][vc_row css=\u00bb.vc_custom_1662476615310{margin-top: 2rem !important;margin-bottom: 2rem !important;}\u00bb][vc_column width=\u00bb1\/2″ el_id=\u00bbbeta-features\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744511436{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb343467″][vc_column_text]<\/p>\n

Beta and Proof-of-Concept features<\/h4>\n

[\/vc_column_text][vc_column_text]Features flagged as \u00abBeta\u00bb or \u00abProof-of-Concept\u00bb in the user interface, marketing release material or documentation, can be limited in their bounty rewards. Based on the impact and readiness of the feature a monetary reward are still be possible, but it will be decided case by case.[\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/2″ el_id=\u00bblocal-external-storage\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744524088{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb344131″][vc_column_text]<\/p>\n

Local external storage systems
\nare considered trusted<\/h4>\n

[\/vc_column_text][vc_column_text]<\/p>\n

We do consider local mounted storage systems as trusted, so if a symlink or something else is configured on the external storage the Nextcloud server will follow it with the web server privileges. For this reason we do recommend administrators to only use the external storage mount for ultimately trusted content.<\/p>\n

[\/vc_column_text][\/vc_column][\/vc_row][vc_row css=\u00bb.vc_custom_1662476619902{margin-top: 2rem !important;margin-bottom: 2rem !important;}\u00bb][vc_column width=\u00bb1\/2″ el_id=\u00bbserver-side-encryption\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744581268{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb339444″][vc_column_text]<\/p>\n

Server-side encryption<\/h4>\n

[\/vc_column_text][vc_column_text]<\/p>\n

Nextcloud can be configured to encrypt data at rest. This has two options: server-wide key (default since Nextcloud 13) or per-user key. With the former, the keys are on the server and thus the only protection offered is against external storage. With per-user keys, the keys are encrypted by the user password and handled as securely as possible, thus securing data when the user is not logged in. We are aware that a Nextcloud administrator could still intercept the user password to manually decrypt the encryption key. We do thus only consider attack scenarios bounty-worthy if they include an external storage vector or, with per-user-keys, data-at-rest.<\/p>\n

[\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/2″ el_id=\u00bbclient-side-encryption\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744600211{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb339324″][vc_column_text]<\/p>\n

Client-side encryption<\/h4>\n

[\/vc_column_text][vc_column_text]<\/p>\n

Nextcloud client-side (or end-to-end) encryption is designed to protect user data from the server in nearly all scenario\u2019s, as described in the RFC.<\/a> Any way to circumvent the protection as covered by the security properties<\/a> would be treated by us as a security issue.<\/p>\n

[\/vc_column_text][\/vc_column][\/vc_row][vc_row css=\u00bb.vc_custom_1662477090190{margin-top: 2rem !important;margin-bottom: 2rem !important;}\u00bb][vc_column width=\u00bb1\/2″ el_id=\u00bbfeatures-insecure\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744615688{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb342712″][vc_column_text]<\/p>\n

Features intentionally marked as insecure<\/h4>\n

[\/vc_column_text][vc_column_text]<\/p>\n

Some features in Nextcloud are intentionally marked as insecure and disabled by default (plus have a big warning above them). One example includes the preview providers such as the LibreOffice preview provider. At the moment we consider vulnerabilities in those disabled features as not bounty-worthy.<\/p>\n

[\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/2″ el_id=\u00bbaudit-logging\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744642196{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb342826″][vc_column_text]<\/p>\n

Audit logging<\/h4>\n

[\/vc_column_text][vc_column_text]<\/p>\n

The audit logging feature in Nextcloud is at the moment missing some logs for things like \u201cAccessing previews of files\u201d, these will be added in a future release and known issues are tracked in our issue tracker<\/a>.<\/p>\n

[\/vc_column_text][\/vc_column][\/vc_row][vc_row css=\u00bb.vc_custom_1662477094704{margin-top: 2rem !important;margin-bottom: 2rem !important;}\u00bb][vc_column width=\u00bb1\/2″ el_id=\u00bbversion-disclosure\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744667266{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb342712″][vc_column_text]<\/p>\n

Version disclosure<\/h4>\n

[\/vc_column_text][vc_column_text]<\/p>\n

At the moment we consider version disclosure an accepted risk as an attacker can enumerate service versions using other means as well. (e.g. comparing behaviour)<\/p>\n

[\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/2″ el_class=\u00bbcopy_element_link\u00bb el_id=\u00bbcontent-spoofing\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744678118{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb342712″][vc_column_text]<\/p>\n

Content spoofing<\/h4>\n

[\/vc_column_text][vc_column_text]<\/p>\n

Generally speaking we consider content spoofing not a bounty-worthy vulnerability.<\/p>\n

[\/vc_column_text][\/vc_column][\/vc_row][vc_row css=\u00bb.vc_custom_1728289133493{margin-top: 2rem !important;margin-bottom: 2rem !important;}\u00bb][vc_column width=\u00bb1\/2″ el_class=\u00bbcopy_element_link\u00bb el_id=\u00bbandroid-attacks\u00bb][vc_icon icon_fontawesome=\u00bbfab fa-android\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1662530789329{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″][vc_column_text css=\u00bb\u00bb]<\/p>\n

Attacks involving ADB or other Android apps on the device<\/h4>\n

[\/vc_column_text][vc_column_text css=\u00bb\u00bb]We do consider attacks involving other Android apps on the device as low or medium risk. Stored files can be hidden from other apps if appropriate storage option is selected inside the app. This should be secure, however, if the phone is compromised we don\u2019t guarantee data safety. Similarly such attacks as well as attacks involving Android Debug Bridge (ADB) might be excluded from monetary rewards.[\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/2″ el_id=\u00bbios-attacks\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon icon_fontawesome=\u00bbfab fa-apple\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1728289279979{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″][vc_column_text css=\u00bb\u00bb]<\/p>\n

Attacks involving XCode or other iOS apps on the device<\/h4>\n

[\/vc_column_text][vc_column_text css=\u00bb\u00bb]We do consider attacks involving other iOS apps on the device as low or medium risk. Stored files can be hidden from other apps if appropriate storage option is selected inside the app. This should be secure, however, if the phone is compromised we don\u2019t guarantee data safety. Similarly such attacks as well as attacks involving manipulation via XCode might be excluded from monetary rewards.[\/vc_column_text][\/vc_column][\/vc_row][vc_row css=\u00bb.vc_custom_1662477103473{margin-top: 2rem !important;margin-bottom: 2rem !important;}\u00bb][vc_column width=\u00bb1\/2″ el_class=\u00bbcopy_element_link\u00bb el_id=\u00bbuser-enumeration\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744692575{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb342712″][vc_column_text]<\/p>\n

User enumeration<\/h4>\n

[\/vc_column_text][vc_column_text]<\/p>\n

We do not consider user enumeration a security risk as for convenience and for features such as Server-to-Server sharing this is an expected behaviour.<\/p>\n

[\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/2″ el_class=\u00bbcopy_element_link\u00bb el_id=\u00bbbrute-force\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744745236{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb347105″][vc_column_text]<\/p>\n

Brute force of credentials<\/h4>\n

[\/vc_column_text][vc_column_text]<\/p>\n

Nextcloud 12 introduced brute force protection. If you find a way in which it is broken, it could qualify as a security issue. Of course we\u2019re aware that using TOR or similar solutions can be used to circumvent IP address based brute force protection. It is also not implemented in all endpoints, but should not allow guessing passwords at great speed from a single IP address.<\/p>\n

[\/vc_column_text][\/vc_column][\/vc_row][vc_row css=\u00bb.vc_custom_1662477108563{margin-top: 2rem !important;margin-bottom: 2rem !important;}\u00bb][vc_column width=\u00bb1\/2″ el_class=\u00bbcopy_element_link\u00bb el_id=\u00bbserver-side-forgery\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744761055{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb342712″][vc_column_text css=\u00bb\u00bb]<\/p>\n

Server-side request forgery<\/h4>\n

[\/vc_column_text][vc_column_text]<\/p>\n

Nextcloud ships with multiple features that perform sending requests to other hosts, we do consider this accepted behaviour and advocate people to deploy Nextcloud into its own seggregated network segment.<\/p>\n

[\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/2″ el_class=\u00bbcopy_element_link\u00bb el_id=\u00bbapp-isolation\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bbfa fa-solid fa-table-columns\u00bb color=\u00bbcustom\u00bb size=\u00bblg\u00bb css=\u00bb.vc_custom_1761744932706{margin-bottom: 15px !important;}\u00bb custom_color=\u00bb#0082c9″ svg_id=\u00bb347110″][vc_column_text css=\u00bb\u00bb]<\/p>\n

App isolation<\/h4>\n

[\/vc_column_text][vc_column_text css=\u00bb\u00bb]Nextcloud Server apps and ExApps<\/a> are not isolated against each others and are considered trusted. They can do database queries to tables of other apps, change configuration values and other data. While considered bad practise, this is not technically enforced and considered acceptable.[\/vc_column_text][\/vc_column][\/vc_row][\/vc_section]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"

[vc_section el_class=\u00bbtitlebar about_us nc-section-gradient-bg\u00bb][vc_row content_placement=\u00bbmiddle\u00bb][vc_column width=\u00bb2\/3″ css=\u00bb.vc_custom_1670934972957{padding-top: 2rem !important;}\u00bb][vc_column_text css=\u00bb\u00bb el_class=\u00bbpage-title centerMobile\u00bb] Threat model & accepted risks [\/vc_column_text][vc_column_text css=\u00bb.vc_custom_1728289511316{margin-bottom: 0px !important;}\u00bb el_class=\u00bbpage-subtitle centerMobile\u00bb]This page is constantly evolving. So check back over time to see new additions. [\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/3″][\/vc_column][\/vc_row][\/vc_section][vc_section el_class=\u00bbnc_default_section\u00bb][vc_row equal_height=\u00bbyes\u00bb css=\u00bb.vc_custom_1662476609904{margin-bottom: 2rem !important;}\u00bb][vc_column][vc_column_text css=\u00bb.vc_custom_1665128736737{margin-bottom: 2rem !important;}\u00bb] Security overview\u00a0\u00a0|\u00a0\u00a0Security Advisories [\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/2″ el_id=\u00bbadmin_privileges\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb […]<\/p>\n","protected":false},"author":26,"featured_media":0,"parent":2255,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"publish_to_discourse":"","publish_post_category":"","wpdc_auto_publish_overridden":"","wpdc_topic_tags":"","wpdc_pin_topic":"","wpdc_pin_until":"","discourse_post_id":"","discourse_permalink":"","wpdc_publishing_response":"","wpdc_publishing_error":"","footnotes":""},"tags":[],"class_list":["post-56441","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"\nThreat model - Nextcloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nextcloud.com\/es\/security\/threat-model\/\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Threat model - Nextcloud\" \/>\n<meta property=\"og:description\" content=\"[vc_section el_class=\u00bbtitlebar about_us nc-section-gradient-bg\u00bb][vc_row content_placement=\u00bbmiddle\u00bb][vc_column width=\u00bb2\/3″ css=\u00bb.vc_custom_1670934972957{padding-top: 2rem !important;}\u00bb][vc_column_text css=\u00bb\u00bb el_class=\u00bbpage-title centerMobile\u00bb] Threat model & accepted risks [\/vc_column_text][vc_column_text css=\u00bb.vc_custom_1728289511316{margin-bottom: 0px !important;}\u00bb el_class=\u00bbpage-subtitle centerMobile\u00bb]This page is constantly evolving. So check back over time to see new additions. [\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/3″][\/vc_column][\/vc_row][\/vc_section][vc_section el_class=\u00bbnc_default_section\u00bb][vc_row equal_height=\u00bbyes\u00bb css=\u00bb.vc_custom_1662476609904{margin-bottom: 2rem !important;}\u00bb][vc_column][vc_column_text css=\u00bb.vc_custom_1665128736737{margin-bottom: 2rem !important;}\u00bb] Security overview\u00a0\u00a0|\u00a0\u00a0Security Advisories [\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/2″ el_id=\u00bbadmin_privileges\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nextcloud.com\/es\/security\/threat-model\/\" \/>\n<meta property=\"og:site_name\" content=\"Nextcloud\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Nextclouders\/\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-02T07:19:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nextcloud.com\/c\/uploads\/2026\/01\/nextcloud-home-featured-image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@nextclouders\" \/>\n<meta name=\"twitter:label1\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data1\" content=\"9 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/nextcloud.com\/es\/security\/threat-model\/\",\"url\":\"https:\/\/nextcloud.com\/es\/security\/threat-model\/\",\"name\":\"Threat model - Nextcloud\",\"isPartOf\":{\"@id\":\"https:\/\/nextcloud.com\/es\/#website\"},\"datePublished\":\"2022-09-07T07:51:07+00:00\",\"dateModified\":\"2026-02-02T07:19:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/nextcloud.com\/es\/security\/threat-model\/#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/nextcloud.com\/es\/security\/threat-model\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/nextcloud.com\/es\/security\/threat-model\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/nextcloud.com\/es\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/nextcloud.com\/es\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Threat model\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/nextcloud.com\/es\/#website\",\"url\":\"https:\/\/nextcloud.com\/es\/\",\"name\":\"Nextcloud\",\"description\":\"Regain control over your data\",\"publisher\":{\"@id\":\"https:\/\/nextcloud.com\/es\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/nextcloud.com\/es\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/nextcloud.com\/es\/#organization\",\"name\":\"Nextcloud\",\"url\":\"https:\/\/nextcloud.com\/es\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/nextcloud.com\/es\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/nextcloud.com\/c\/uploads\/2022\/10\/nextcloud-logo-blue-transparent.svg\",\"contentUrl\":\"https:\/\/nextcloud.com\/c\/uploads\/2022\/10\/nextcloud-logo-blue-transparent.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"Nextcloud\"},\"image\":{\"@id\":\"https:\/\/nextcloud.com\/es\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Nextclouders\/\",\"https:\/\/x.com\/nextclouders\",\"https:\/\/www.linkedin.com\/company\/10827569\/\",\"https:\/\/youtube.com\/nextcloud\",\"https:\/\/www.instagram.com\/nextclouders\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Threat model - Nextcloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nextcloud.com\/es\/security\/threat-model\/","og_locale":"es_ES","og_type":"article","og_title":"Threat model - Nextcloud","og_description":"[vc_section el_class=\u00bbtitlebar about_us nc-section-gradient-bg\u00bb][vc_row content_placement=\u00bbmiddle\u00bb][vc_column width=\u00bb2\/3″ css=\u00bb.vc_custom_1670934972957{padding-top: 2rem !important;}\u00bb][vc_column_text css=\u00bb\u00bb el_class=\u00bbpage-title centerMobile\u00bb] Threat model & accepted risks [\/vc_column_text][vc_column_text css=\u00bb.vc_custom_1728289511316{margin-bottom: 0px !important;}\u00bb el_class=\u00bbpage-subtitle centerMobile\u00bb]This page is constantly evolving. So check back over time to see new additions. [\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/3″][\/vc_column][\/vc_row][\/vc_section][vc_section el_class=\u00bbnc_default_section\u00bb][vc_row equal_height=\u00bbyes\u00bb css=\u00bb.vc_custom_1662476609904{margin-bottom: 2rem !important;}\u00bb][vc_column][vc_column_text css=\u00bb.vc_custom_1665128736737{margin-bottom: 2rem !important;}\u00bb] Security overview\u00a0\u00a0|\u00a0\u00a0Security Advisories [\/vc_column_text][\/vc_column][vc_column width=\u00bb1\/2″ el_id=\u00bbadmin_privileges\u00bb el_class=\u00bbcopy_element_link\u00bb][vc_icon use_svg=\u00bbyes\u00bb icon_fontawesome=\u00bb\u00bb […]","og_url":"https:\/\/nextcloud.com\/es\/security\/threat-model\/","og_site_name":"Nextcloud","article_publisher":"https:\/\/www.facebook.com\/Nextclouders\/","article_modified_time":"2026-02-02T07:19:26+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/nextcloud.com\/c\/uploads\/2026\/01\/nextcloud-home-featured-image.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@nextclouders","twitter_misc":{"Tiempo de lectura":"9 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/nextcloud.com\/es\/security\/threat-model\/","url":"https:\/\/nextcloud.com\/es\/security\/threat-model\/","name":"Threat model - Nextcloud","isPartOf":{"@id":"https:\/\/nextcloud.com\/es\/#website"},"datePublished":"2022-09-07T07:51:07+00:00","dateModified":"2026-02-02T07:19:26+00:00","breadcrumb":{"@id":"https:\/\/nextcloud.com\/es\/security\/threat-model\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nextcloud.com\/es\/security\/threat-model\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/nextcloud.com\/es\/security\/threat-model\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nextcloud.com\/es\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/nextcloud.com\/es\/security\/"},{"@type":"ListItem","position":3,"name":"Threat model"}]},{"@type":"WebSite","@id":"https:\/\/nextcloud.com\/es\/#website","url":"https:\/\/nextcloud.com\/es\/","name":"Nextcloud","description":"Regain control over your data","publisher":{"@id":"https:\/\/nextcloud.com\/es\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nextcloud.com\/es\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/nextcloud.com\/es\/#organization","name":"Nextcloud","url":"https:\/\/nextcloud.com\/es\/","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/nextcloud.com\/es\/#\/schema\/logo\/image\/","url":"https:\/\/nextcloud.com\/c\/uploads\/2022\/10\/nextcloud-logo-blue-transparent.svg","contentUrl":"https:\/\/nextcloud.com\/c\/uploads\/2022\/10\/nextcloud-logo-blue-transparent.svg","width":"1024","height":"1024","caption":"Nextcloud"},"image":{"@id":"https:\/\/nextcloud.com\/es\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Nextclouders\/","https:\/\/x.com\/nextclouders","https:\/\/www.linkedin.com\/company\/10827569\/","https:\/\/youtube.com\/nextcloud","https:\/\/www.instagram.com\/nextclouders\/"]}]}},"_links":{"self":[{"href":"https:\/\/nextcloud.com\/es\/wp-json\/wp\/v2\/pages\/56441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nextcloud.com\/es\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/nextcloud.com\/es\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/nextcloud.com\/es\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/nextcloud.com\/es\/wp-json\/wp\/v2\/comments?post=56441"}],"version-history":[{"count":11,"href":"https:\/\/nextcloud.com\/es\/wp-json\/wp\/v2\/pages\/56441\/revisions"}],"predecessor-version":[{"id":371371,"href":"https:\/\/nextcloud.com\/es\/wp-json\/wp\/v2\/pages\/56441\/revisions\/371371"}],"up":[{"embeddable":true,"href":"https:\/\/nextcloud.com\/es\/wp-json\/wp\/v2\/pages\/2255"}],"wp:attachment":[{"href":"https:\/\/nextcloud.com\/es\/wp-json\/wp\/v2\/media?parent=56441"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nextcloud.com\/es\/wp-json\/wp\/v2\/tags?post=56441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}