Heise.de title: Collaboration tool Nextcloud: Updates close "high-risk" vulnerabilities

I agree it’s maybe not the best to read about security issues in the newspaper… but for the vendor it’s always a hard decision - “should I proactively inform admins/users about existing security holes and potentially attract attackers” - this problem is even bigger with OSS - security patches available as public source code reveal where the security hole existed before the patch. For this reason CVEs usually become public only after a reasonable delay and once patches are available and widely distributed…

Now that the issues have been addressed in 26.0.0 and 26.0.1 I don’t see a big deal with it. The conclusion remains “keep your system patched at all times”.

Definitely a good idea to take a look at GitHub - nextcloud/security-advisories: 👮 Security advisories of Nextcloud

For reference: CVE-2023-32319, CVE-2023-32318

Generic guide for secure Nextcloud installation
https://help.nextcloud.com/t/how-to-maintain-check-and-improve-the-security-of-your-nextcloud-installation
