Vulnerability in Apache Software Foundation Openmeetings

CVE-2026-34020

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible im…

EPSS: 0.001 (22.0th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Openmeetings — versions 3.1.3

Weakness classification (CWE)

CWE-598

References

owasp.org/www-community/vulnerabilities/Information_exposure_through_query_stri… (related)
lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db (vendor-advisory)