Security Vulnerability Report
CVE-2026-34020 CVSS 7.5 HIGH

CVE-2026-34020

Published: 2026-04-09 16:16:27
Last Modified: 2026-04-15 15:21:20

Description

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses the HTTP GET method, with the username and password passed as query parameters, so the credentials end up in places where URLs are routinely recorded (browser history, server and proxy access logs, Referer headers). Please check references regarding possible impact. This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:* - VULNERABLE
Apache OpenMeetings >= 3.1.3, < 9.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
from urllib.parse import quote

# PoC for CVE-2026-34020: Sensitive Query Strings in GET Request
# Description: This script demonstrates how the vulnerable endpoint accepts credentials via URL parameters.
# Impact: Credentials are logged in proxy/server access logs.

def check_vulnerability(target_url, username, password):
    # Construct the vulnerable URL with credentials in query string
    # Example: http://target.com/rest/user/login?user=admin&pass=secret
    login_endpoint = "/rest/user/login"  # Common endpoint path, adjust based on actual config
    # URL-encode the values so characters such as '&' or '#' do not break the query string
    full_url = f"{target_url}{login_endpoint}?user={quote(username, safe='')}&pass={quote(password, safe='')}"
    print(f"[*] Sending vulnerable GET request to: {full_url}")
    print("[!] WARNING: This URL may now be logged in clear text on the server or intermediate proxies.")
    try:
        response = requests.get(full_url, timeout=10)
        if response.status_code == 200:
            print("[+] Request sent successfully. Server responded with 200 OK.")
            print(f"[+] Response body preview: {response.text[:100]}")
        else:
            print(f"[-] Server responded with status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[-] Error occurred: {e}")

if __name__ == "__main__":
    # Replace with actual target details for testing
    target = "http://localhost:5080/openmeetings"
    user = "testuser"
    pwd = "testpassword"
    check_vulnerability(target, user, pwd)
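From the defender's side, the practical question for an affected deployment is which credentials have already been written into access logs by the GET login endpoint, and how to scrub them before the logs are retained or shipped. The following is an added example, not part of this record or of the OpenMeetings project; it assumes combined-format access logs and takes the "/rest/user/login" path and the "user"/"pass" parameter names from the PoC above (both may differ per deployment).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined access-log format: client, ident, user, [timestamp], "METHOD target proto", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumed login path (from the PoC above) and the credential parameter names to look for.
LOGIN_PATH_SUFFIX = "/rest/user/login"
CREDENTIAL_PARAMS = {"user", "pass", "username", "password"}

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def credentials_in_query(target):
    """Return (sorted credential parameter names present, request path)."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    return sorted(k for k in params if k.lower() in CREDENTIAL_PARAMS), parts.path

def redact_target(target):
    """Rebuild the request target with credential values replaced, for safe retention."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    redacted = "&".join(
        f"{k}=REDACTED" if k.lower() in CREDENTIAL_PARAMS else f"{k}={v[0]}"
        for k, v in params.items()
    )
    return parts.path + ("?" + redacted if redacted else "")

def find_exposed_logins(lines):
    """Flag GET requests to the login endpoint that carried credentials in the query string."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["method"] != "GET":
            continue
        keys, path = credentials_in_query(rec["target"])
        if keys and path.endswith(LOGIN_PATH_SUFFIX):
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                             "params": keys, "target": redact_target(rec["target"])})
    return findings

# Constructed sample log lines: one leaked GET login, one POST login, one unrelated GET.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Apr/2026:10:00:01 +0000] "GET /openmeetings/rest/user/login?user=alice&pass=s3cret HTTP/1.1" 200 512',
    '10.0.0.7 - - [09/Apr/2026:10:00:02 +0000] "POST /openmeetings/rest/user/login HTTP/1.1" 200 512',
    '10.0.0.9 - - [09/Apr/2026:10:00:03 +0000] "GET /openmeetings/rest/room/list?user=alice HTTP/1.1" 200 128',
]
```

Each finding identifies the account whose password must be rotated, while the redacted target is what should replace the original line in any copy of the log that is kept.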

References

https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db (Vendor Advisory, Mailing List)
https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url (Not Applicable)
http://www.openwall.com/lists/oss-security/2026/04/09/12 (Mailing List, Third Party Advisory)

Weakness

CWE-598

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-34020",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-09T16:16:27.090",
    "lastModified": "2026-04-15T15:21:20.030",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.\n\nThe REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact\n\n\nThis issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-598"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "3.1.3",
                "versionEndExcluding": "9.0.0",
                "matchCriteriaId": "D575157B-A67F-474D-AD60-56D636F1AF5A"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db",
        "source": "[email protected]",
        "tags": ["Vendor Advisory", "Mailing List"]
      },
      {
        "url": "https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url",
        "source": "[email protected]",
        "tags": ["Not Applicable"]
      },
      {
        "url": "http://www.openwall.com/lists/oss-security/2026/04/09/12",
        "source": "af854a3a-2127-422b-91ae-364da2661108",
        "tags": ["Mailing List", "Third Party Advisory"]
      }
    ]
  }
}