CVE-2026-34020

UNKNOWN View on NVD ↗

Description

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.

References

https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db
https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url
http://www.openwall.com/lists/oss-security/2026/04/09/12

Published: Apr 09, 2026 16:16 UTC Modified: Apr 09, 2026 17:16 UTC