Vulnerability in Apache Software Foundation Openmeetings

CVE-2026-33005

Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata inclu…

EPSS: 0.001 (33.1th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Openmeetings — versions 3.1.0

Weakness classification (CWE)

CWE-274 — Improper Handling of Insufficient Privileges

References

openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/… (technical-description)
lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7 (vendor-advisory)