Path Traversal Vulnerability in Apache OpenMeetings Affects User Data
CVE-2026-49488
Currently unrated
What is CVE-2026-49488?
A path traversal vulnerability in Apache OpenMeetings allows attackers with moderator rights to read arbitrary files accessible to the server's operating system account. This can lead to exposure of sensitive information, including user credentials and secret files, through crafted download requests. Users should upgrade to version 9.1.0 or later to mitigate this risk.
Affected Version(s)
Apache OpenMeetings 5.0.0 < 9.1.0