QwikSec

Security Database

CVE

CWE

Training

CVE-2026-34020

Published: Apr 9, 2026

Modified: Apr 10, 2026

PUBLISHED

Description

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.

Vendor	Product	Versions
Apache Software Foundation	Apache OpenMeetings	affected `3.1.3 - < 9.0.0`

Weaknesses (CWE)

References

https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url

related

https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.