Home > Vulnerability Database > CVE-2026-25519

Mend.io Vulnerability Database

CVE-2026-25519

Good to know:

Date: February 4, 2026

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external IDP. For users synced to OpenSlides via an external IDP, there is an incorrect access control regarding the local login of these users. Users can successfully login using the local login form and the OpenSlides username of a SAML user and a trivial password. This password is valid for all SAML users. This issue has been patched in version 4.2.29.

Severity Score

8.1

Related Resources (6)

Url: https://github.com/OpenSlides/openslides-auth-service/commit/70c1aa9f5e1db59ec120ecce98d1c1169350a4ee

Url: https://github.com/OpenSlides/OpenSlides/releases/tag/4.2.29

Url: https://github.com/OpenSlides/openslides-auth-service/pull/889

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-25519

Url: https://github.com/OpenSlides/OpenSlides/security/advisories/GHSA-vv4h-8wfc-pf8c

Url: https://www.mend.io/vulnerability-database/CVE-2026-25519

Severity Score

8.1

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version https://github.com/OpenSlides/openslides-auth-service.git - 4.2.29

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-25519

Good to know:

Date: February 4, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?