PT-2026-31641 · Apache · Apache Openmeetings

4Ra2N · Published 2026-04-09 · Updated 2026-04-10 · CVE-2026-34020

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache OpenMeetings versions 3.1.3 through 8.9.99

Description

The REST login endpoint uses the HTTP GET method, transmitting the username and password as query parameters. This practice exposes sensitive credentials in server logs, browser history, and potentially through network monitoring.

Recommendations

Upgrade to version 9.0.0.
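
For logs already written by an affected version, the exposure described above can be measured and scrubbed. The following is an added example, not code from the advisory or from the OpenMeetings project: it flags GET login requests that carry a password in the query string and redacts the value. The path suffix `/services/user/login`, the parameter names, and the sample log lines are assumptions constructed for illustration; adjust them to your deployment.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumptions (not stated in the advisory): login path suffix and secret parameter names.
LOGIN_PATH_SUFFIX = "/services/user/login"
SECRET_PARAMS = {"pass", "password"}

# Request field of a common/combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def scrub_line(line):
    """Return (possibly redacted line, True if a credential was in the URL)."""
    m = REQUEST_RE.search(line)
    if not m or m["method"] != "GET":
        return line, False
    parts = urlsplit(m["target"])
    if not parts.path.endswith(LOGIN_PATH_SUFFIX):
        return line, False
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(k.lower() in SECRET_PARAMS for k, _ in pairs):
        return line, False
    # Rebuild the query string with secret values replaced, other parameters kept.
    clean = urlencode([(k, "REDACTED" if k.lower() in SECRET_PARAMS else v)
                       for k, v in pairs])
    target = parts._replace(query=clean).geturl()
    return line[:m.start("target")] + target + line[m.end("target"):], True

def scan(lines):
    """Scrub every line; return (redacted lines, number of leaking requests)."""
    redacted, hits = [], 0
    for line in lines:
        out, leaked = scrub_line(line)
        redacted.append(out)
        hits += leaked
    return redacted, hits

# Constructed sample access-log lines (documentation IP range, made-up credentials).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Apr/2026:10:00:01 +0000] '
    '"GET /openmeetings/services/user/login?user=alice&pass=S3cret%21 HTTP/1.1" 200 312',
    '192.0.2.11 - - [09/Apr/2026:10:00:05 +0000] '
    '"POST /openmeetings/services/user/login HTTP/1.1" 200 312',
    '192.0.2.12 - - [09/Apr/2026:10:00:09 +0000] "GET /openmeetings/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    scrubbed, count = scan(SAMPLE_LOG)
    print(f"{count} request(s) with credentials in the URL")
    print("\n".join(scrubbed))
```

Any account whose password shows up in a flagged line should be treated as exposed to everyone with read access to those logs, including rotated and archived copies.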

Fix


Weakness Enumeration

Related Identifiers

CVE-2026-34020
GHSA-GCVM-C75M-H4P4

Affected Products

Apache Openmeetings