Skip to main content

Apache OpenMeetings EUVDEUVD-2026-43666

| CVE-2026-49488 MEDIUM
Path Traversal (CWE-22)
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-delivered via crafted HTTP request; PR:L for required room moderator privilege; read-only impact so I:N and A:N.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch available
Jul 14, 2026 - 18:20 EUVD
CVSS changed
Jul 14, 2026 - 17:07 NVD
6.5 (MEDIUM)
Analysis Generated
Jul 14, 2026 - 10:18 vuln.today
CVE Published
Jul 14, 2026 - 09:57 oss-security
HIGH

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Arbitrary file read in Apache OpenMeetings 5.0.0 through 9.0.x allows any room moderator to exfiltrate files accessible to the OS account running the server, including credentials and secrets, via a crafted download request to the WhiteBoard download service. The vulnerability stems from insufficient path validation in the WB download endpoint, enabling directory traversal outside the intended file scope. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain moderator rights in any room
Delivery
Craft path traversal download request to WB service
Exploit
Server returns arbitrary OS-readable file
Execution
Harvest credentials or secrets from response
Impact
Leverage stolen credentials for deeper compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold moderator rights in any room on the target Apache OpenMeetings instance - this is the key privilege gate. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No vendor-provided CVSS vector accompanies this CVE, so risk signals are limited. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers an account on an OpenMeetings instance that permits self-registration, creates or joins a room where they hold or can obtain moderator rights, and then sends a crafted HTTP download request to the WhiteBoard download endpoint with a path traversal sequence (e.g., ../../etc/passwd or paths to application configuration files containing database credentials). The server processes the request without sufficient path restriction and returns the contents of the targeted file, allowing the attacker to harvest secrets and pivot to deeper system compromise. …
Remediation Upgrade Apache OpenMeetings to version 9.1.0, which was released on 2026-07-08 and explicitly fixes CVE-2026-49488 by adding additional security checks in the WB download service. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all internet-exposed OpenMeetings instances running versions 5.0.0-9.0.x and immediately restrict room moderator role assignments to essential trusted users only; enable detailed logging and alerting on the WhiteBoard download endpoint (/download) to detect directory traversal attempts. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2016-0784 MEDIUM POC
6.5 Apr 11

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1

CVE-2020-13951 HIGH POC
7.5 Sep 30

Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack. Ra

CVE-2016-8736 CRITICAL
9.8 Oct 12

Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack. Rated critical s

CVE-2017-7664 CRITICAL
10.0 Jul 17

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. Rated critical severity (CVSS 10.0), t

CVE-2017-7673 CRITICAL
9.8 Jul 17

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget pas

CVE-2023-28326 CRITICAL
9.8 Mar 28

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attac

CVE-2017-7666 HIGH
8.8 Jul 17

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MI

CVE-2017-7681 HIGH
8.8 Jul 17

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely

CVE-2017-7682 HIGH
8.2 Jul 17

Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted

CVE-2023-29032 HIGH
8.1 May 12

An attacker that has gained access to certain private information can use this to act as other user. Rated high severity

CVE-2017-7684 HIGH
7.5 Jul 17

Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. Rated high severity (CVSS 7.5), this vulnerabi

CVE-2017-7680 HIGH
7.5 Jul 17

Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. Rated high severity (CVSS 7.5), this vulnerabil

Share

EUVD-2026-43666 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy