Perceptive Security
SOC/SIEM Consultancy
OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.…
Published:
3 February 2026 at 23:00:00
Alert date:
4 February 2026 at 22:01:55
Source:
nvd.nist.gov
Web Technologies, Identity & Access, Enterprise Applications
OpenSlides, a web-based presentation and assembly system, contains an authentication bypass vulnerability in versions prior to 4.2.29. The vulnerability affects users synced from external SAML identity providers, allowing attackers to bypass authentication by using the SAML username with a trivial password that works for all SAML users. This represents a critical access control flaw that could allow unauthorized access to user accounts. The issue has been patched in version 4.2.29.
Technical details
Mitigation steps:
Affected products:
OpenSlides
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-25519
https://github.com/OpenSlides/OpenSlides/releases/tag/4.2.29
https://github.com/OpenSlides/OpenSlides/security/advisories/GHSA-vv4h-8wfc-pf8c
https://github.com/OpenSlides/openslides-auth-service/commit/70c1aa9f5e1db59ec120ecce98d1c1169350a4ee
https://github.com/OpenSlides/openslides-auth-service/pull/889
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.