Summary
An attacker with physical access can gain access to the chat messages and files of the user by calling the victim phone while its in locked state.
This happens because the app did not properly detect the lockscreen state when a call was incoming.
Nextcloud was able to fix this by enabling the Keyguard on the Talk app.
References
https://hackerone.com/reports/1338781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41181
https://github.com/nextcloud/talk-android/pull/1585
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-497c-c8hx-6qcf