7.5

CVE-2026-34020

Apache OpenMeetings: Login Credentials Passed via GET Query Parameters

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.

The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact


This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.

Users are recommended to upgrade to version 9.0.0, which fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheOpenmeetings Version >= 3.1.3 < 9.0.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.393
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-598 Use of HTTP Request With Sensitive Query String

The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.

https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url
Not Applicable
https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db
Vendor Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2026/04/09/12
Third Party Advisory
Mailing List