Proxy re-encryption acts an important role in secure data sharing in cloud storage. There are many variants of proxy re-encryption until now, in this paper we focus on the timed-realise conditional proxy broadcast re-encryption. In this primitive, if and only the condition and time satisfied the requirement, the proxy can re-encrypt the delegator(broadcast encryption set)’s ciphertext to be the delegatee(another broadcast encryption set)’s ciphertext. Chosen cipertext security (CCA-security) is an important security notion for encryption scheme. In the security model of CCA-security, the adversary can query the decryption oracle to get help, with the only restriction the challenge ciphertext can not be queried to the decryption oracle. For CCA-security of time-realised conditional proxy broadcast re-encryption, the situation is more complicated for this time the adversary can not only get the decryption oracle of normal ciphertext but also the decryption oracle of the re-encrypted ciphertext and the re-encrypted key generation oracle. In 2013, Liang et al. proposed a CCA-secure time-realised conditional proxy broadcast re-encryption scheme, in this paper, we show their proposal is not CCA-secure in the security model of CCA-secure time-realised conditional proxy broadcast re-encryption. © Springer Nature Switzerland AG 2019.