CVE-2026-34020

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Apr 09, 2026

Vendor unknown

Description

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.

References

https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db
https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url
http://www.openwall.com/lists/oss-security/2026/04/09/12