


Perceptive Security
SOC/SIEM Consultancy

OpenSlides is a free, web-based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.…
Published:
3 February 2026 at 23:00:00
Alert date:
4 February 2026 at 22:01:55
Source:
nvd.nist.gov
Web Technologies, Identity & Access, Enterprise Applications
OpenSlides, a web-based presentation and assembly system, contains an authentication bypass vulnerability in versions prior to 4.2.29. The vulnerability affects users synced from external SAML identity providers, allowing attackers to bypass authentication by using the SAML username with a trivial password that works for all SAML users. This represents a critical access control flaw that could allow unauthorized access to user accounts. The issue has been patched in version 4.2.29.
Affected products:
OpenSlides
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-25519
https://github.com/OpenSlides/OpenSlides/releases/tag/4.2.29
https://github.com/OpenSlides/OpenSlides/security/advisories/GHSA-vv4h-8wfc-pf8c
https://github.com/OpenSlides/openslides-auth-service/commit/70c1aa9f5e1db59ec120ecce98d1c1169350a4ee
https://github.com/OpenSlides/openslides-auth-service/pull/889
This article was created with the assistance of AI technology by Perceptive.
