🔐 CVE Alert

CVE-2026-34020

HIGH 7.5

Apache OpenMeetings: Login Credentials Passed via GET Query Parameters

CVSS Score: 7.5
EPSS Score: 0.0%
EPSS Percentile: 4th

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses the HTTP GET method, with the username and password passed as query parameters. Please check the references regarding possible impact. This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.
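A defender's check for the exposure described above, as an added example that is not part of the advisory or the OpenMeetings code base: it scans web-server access log lines for GET requests whose query string carries credential-like parameters and produces a redacted copy of each hit. The parameter names, request path and log lines are constructed assumptions; the advisory does not name them.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed credential-like parameter names; adjust to the names your deployment uses.
SENSITIVE = {"pass", "password", "passwd", "pwd", "secret", "token"}

# Request part of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, [names of sensitive parameters found])."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = [k for k, _ in pairs if k.lower() in SENSITIVE]
    if not hits:
        return target, []
    clean = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return parts._replace(query=urlencode(clean)).geturl(), hits

def scan(lines):
    """Yield (line_no, hit_names, redacted_line) for GET requests carrying secrets."""
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue  # POST bodies are not written to the access log
        redacted, hits = redact_target(m.group("target"))
        if hits:
            yield no, hits, line[:m.start("target")] + redacted + line[m.end("target"):]

# Constructed sample log lines (path, parameter names and values are made up).
SAMPLE = [
    '192.0.2.10 - - [09/Apr/2026:10:00:01 +0000] "GET /example/rest/login?user=alice&pass=S3cr%26t%21 HTTP/1.1" 200 512',
    '192.0.2.11 - - [09/Apr/2026:10:00:05 +0000] "GET /example/rest/rooms?type=public HTTP/1.1" 200 2048',
    '192.0.2.12 - - [09/Apr/2026:10:00:09 +0000] "POST /example/rest/login HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for no, hits, redacted in scan(SAMPLE):
        print(f"line {no}: credential parameter(s) {hits} in GET query string")
        print("  " + redacted)
```

Any password this scan finds in retained logs should be treated as exposed and rotated, since the same URL may also sit in proxy logs and browser history.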

CWE: CWE-598
Vendor: Apache Software Foundation
Product: Apache OpenMeetings
Published: Apr 9, 2026
Last Updated: Apr 10, 2026

Affected Versions

Apache Software Foundation / Apache OpenMeetings
3.1.3 < 9.0.0

References

owasp.org: https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url
lists.apache.org: https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db
openwall.com: http://www.openwall.com/lists/oss-security/2026/04/09/12

Credits

4ra2n (A code security AI agent)