Vulnerability in Apache Software Foundation Openmeetings
CVE-2026-33266
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default enc…
EPSS: 0.001 (17.4th percentile) — read the EPSS interpretation.
Affected products
- Apache Software Foundation Openmeetings — versions 6.1.0
Weakness classification (CWE)
References
- lists.apache.org/thread/b05jnp9563v49zq494lox9kjbhhf2w66 (vendor-advisory)