GHSA-436m-m73c-vq4g
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Network-delivered via crafted HTTP request; PR:L for required room moderator privilege; read-only impact so I:N and A:N.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4Description PRE-NVD
AnalysisAI
Arbitrary file read in Apache OpenMeetings 5.0.0 through 9.0.x allows any room moderator to exfiltrate files accessible to the OS account running the server, including credentials and secrets, via a crafted download request to the WhiteBoard download service. The vulnerability stems from insufficient path validation in the WB download endpoint, enabling directory traversal outside the intended file scope. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold moderator rights in any room on the target Apache OpenMeetings instance - this is the key privilege gate. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No vendor-provided CVSS vector accompanies this CVE, so risk signals are limited. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers an account on an OpenMeetings instance that permits self-registration, creates or joins a room where they hold or can obtain moderator rights, and then sends a crafted HTTP download request to the WhiteBoard download endpoint with a path traversal sequence (e.g., ../../etc/passwd or paths to application configuration files containing database credentials). The server processes the request without sufficient path restriction and returns the contents of the targeted file, allowing the attacker to harvest secrets and pivot to deeper system compromise. … |
| Remediation | Upgrade Apache OpenMeetings to version 9.1.0, which was released on 2026-07-08 and explicitly fixes CVE-2026-49488 by adding additional security checks in the WB download service. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all internet-exposed OpenMeetings instances running versions 5.0.0-9.0.x and immediately restrict room moderator role assignments to essential trusted users only; enable detailed logging and alerting on the WhiteBoard download endpoint (/download) to detect directory traversal attempts. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Openmeetings
View allDirectory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack. Ra
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack. Rated critical s
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. Rated critical severity (CVSS 10.0), t
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget pas
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attac
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MI
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted
An attacker that has gained access to certain private information can use this to act as other user. Rated high severity
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. Rated high severity (CVSS 7.5), this vulnerabi
Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. Rated high severity (CVSS 7.5), this vulnerabil
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43666