PT-2026-58016 · Apache · Apache Openmeetings+1

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-49488

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OpenMeetings.
This issue affects Apache OpenMeetings: from 5.0.0 before 9.1.0. An attacker with moderator rights in any room can read arbitrary files accessible to the OS account running the OM server, including credentials and secrets, via a crafted download request.
Users are recommended to upgrade to version 9.1.0, which fixes the issue.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-49488

Affected Products

Apache Openmeetings
Openmeetings