Nonprivileged account can perform update during maintenance mode

Hello everybody,

I have written a small command line program to do some small tasks in my Nextcloud installation. During the last update (SFTP Upload) Nextcloud started the maintenance mode. So far so good…

But: at the same time a non-privileged (but valid) account of a customer was logged in and he got the maintenance mode message, and he could start the update.

Why a customer account without any admin rights can execute the update? I am a bit confused. Is this a normal behavior?

Screenshot I received from the customer

Nextcloud version: 15.0.2

This looks like a bug. Did you report?