๐Ÿ” CVE Alert

CVE-2026-49488

MEDIUM 6.5

Apache OpenMeetings: Arbitrary File Read

CVSS Score
6.5
EPSS Score
0.7%
EPSS Percentile
50th

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OpenMeetings. This issue affects Apache OpenMeetings: from 5.0.0 before 9.1.0. An attacker with moderator rights in any room can read arbitrary files accessible to the OS account running the OM server, including credentials and secrets, via a crafted download request. Users are recommended to upgrade to version 9.1.0, which fixes the issue.

CWE CWE-22
Vendor apache software foundation
Product apache openmeetings
Published Jul 14, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for apache software foundation apache openmeetings

Be the first to know when new medium vulnerabilities affecting apache software foundation apache openmeetings are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Apache Software Foundation / Apache OpenMeetings
5.0.0 < 9.1.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
lists.apache.org: https://lists.apache.org/thread/74zf32shox9oy62b7t55mvcj874bxqnj openwall.com: http://www.openwall.com/lists/oss-security/2026/07/14/10

Credits

follycat and Y0n3er