Path Traversal Vulnerability in Apache OpenMeetings Affects User Data
CVE-2026-49488

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
14 July 2026

What is CVE-2026-49488?

A path traversal vulnerability in Apache OpenMeetings allows attackers with moderator rights to read arbitrary files accessible to the server's operating system account. This can lead to exposure of sensitive information, including user credentials and secret files, through crafted download requests. Users should upgrade to version 9.1.0 or later to mitigate this risk.

Affected Version(s)

Apache OpenMeetings 5.0.0 < 9.1.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

follycat and Y0n3er
.