Description

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.

INFO

Published Date :

2026-04-09T15:52:06.599Z

Last Modified :

2026-04-10T20:13:47.789Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34020 vulnerability.

Vendors Products
Apache
  • Openmeetings
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34020.

URL Resource
http://www.openwall.com/lists/oss-security/2026/04/09/12 cve-icon
https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db cve-icon cve-icon
https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact