Nextcloud is vulnerable to arbitrary code execution. If a user has received a malicious file share and has it synced locally or has the virtual file system enabled, clicking an nc://open/ link opens the shared file with the default editor for its file type. On Windows this means that, depending on the type (e.g. vbs), the file is executed.
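
One way to guard the "open with the default handler" step described above, as an added example that is not Nextcloud's code or its actual fix. The function names and the extension list are assumptions for illustration; the list is constructed and not exhaustive.

```python
import ntpath

# Assumed, non-exhaustive set of extensions that the Windows shell runs
# (rather than displays) when asked to "open" the file.
EXECUTING_EXTENSIONS = frozenset({
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd",
    ".com", ".exe", ".scr", ".pif", ".msi", ".ps1", ".hta", ".lnk",
})


def effective_extension(local_path: str) -> str:
    """Return the extension Windows will act on, lower-cased.

    Handles the cases a naive suffix check misses:
    - mixed case ("A.VBS")
    - double extensions ("invoice.pdf.vbs" is a .vbs file)
    - trailing dots and spaces, which Win32 strips ("run.vbs. ")
    - names that consist only of an extension (".vbs")
    """
    name = ntpath.basename(local_path)   # accepts both "/" and "\\"
    name = name.rstrip(". ")             # Win32 path normalisation
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def open_action(local_path: str) -> str:
    """Decide what a link handler should do with a synced file.

    "open"   -> hand the file to the default application
    "reveal" -> only show the file in the file manager, never launch it
    """
    if effective_extension(local_path) in EXECUTING_EXTENSIONS:
        return "reveal"
    return "open"


if __name__ == "__main__":
    # Constructed sample paths, not taken from the advisory.
    for p in ("Shared/notes.txt", "Shared/invoice.pdf.VBS",
              r"C:\Users\a\Nextcloud\run.vbs. "):
        print(f"{p!r:40} -> {open_action(p)}")
```

An allowlist of known document types is the stricter variant of the same check, since a denylist fails open for any executing type it does not list.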