CVE-2026-34020 | THREATINT

Description

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.

PUBLISHED Reserved 2026-03-25 | Published 2026-04-09 | Updated 2026-04-10 | Assigner apache

Problem types

CWE-598 Use of GET Request Method With Sensitive Query Strings

Product status

Default status

unaffected

3.1.3 (semver) before 9.0.0

affected

Credits

4ra2n (A code security AI agent) finder

References

www.openwall.com/lists/oss-security/2026/04/09/12

owasp.org/...formation_exposure_through_query_strings_in_url related

lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db vendor-advisory

cve.org (CVE-2026-34020)

nvd.nist.gov (CVE-2026-34020)

Download JSON