CVE-2026-25519 | CRITICAL 9.8 | EPSS percentile 38.3%

CVE-2026-25519

Description

OpenSlides is a free, web-based presentation and assembly system for managing and projecting the agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign-on with SAML via an external IDP. For users synced to OpenSlides via an external IDP, there is an incorrect access control regarding the local login of these users. Users can successfully log in using the local login form, the OpenSlides username of a SAML user and a trivial password. This password is valid for all SAML users. This issue has been patched in version 4.2.29.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.49% probability of exploitation · percentile 38.3% · 2026-06-18T12:00:27Z
Published: 2026-02-04
Last modified: 2026-02-18

Underlying weaknesses · 1

CWE-284

References

  1. https://github.com/OpenSlides/OpenSlides/releases/tag/4.2.29
  2. https://github.com/OpenSlides/OpenSlides/security/advisories/GHSA-vv4h-8wfc-pf8c
  3. https://github.com/OpenSlides/openslides-auth-service/commit/70c1aa9f5e1db59ec120ecce98d1c1169350a4ee
  4. https://github.com/OpenSlides/openslides-auth-service/pull/889


Type      Target                               Confidence  Tier
Weakness  Improper Access Control (cwe-284)    0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-3047
  2. CVE: CVE-2026-5343
  3. CVE: CVE-2026-2603
  4. CVE: CVE-2026-2628
  5. CVE: CVE-2025-23389
  6. CVE: CVE-2026-45156

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.