4.3

CVE-2026-33005

EPSS 0.14%
Veröffentlicht 09.04.2026 15:52:50
Zuletzt bearbeitet 15.04.2026 15:27:05
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache OpenMeetings: Insufficient checks in FileWebService

Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings.

Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field. Full list of fields get be checked at FileItemDTO object.

This issue affects Apache OpenMeetings: from 3.10 before 9.0.0.

Users are recommended to upgrade to version 9.0.0, which fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Openmeetings Version >= 3.1.0 < 9.0.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.329

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-274 Improper Handling of Insufficient Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/apache/openmeetings/db/dto/file/FileItemDTO.html

Product

https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2026/04/09/10

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2026-33005

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33005

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33005

EUVD