Description
MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific API functions and obtain meeting-related information.
Published: 2026-01-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Meeting Information
Action: Apply Patch
AI Analysis

Impact

MeetingHub, a product from HAMASTAR Technology, contains a missing authentication flaw that lets attackers who are not logged in reach certain web API endpoints and retrieve meeting details. The weakness is classified as CWE-306 (Missing Authentication for Critical Function): remote actors can obtain confidential information from the system, potentially exposing participant data and meeting schedules, without any legitimate credential. The primary impact is a breach of confidentiality for all individuals whose meetings are stored or processed by the application.

Affected Systems

Unpatched versions of HAMASTAR Technology's MeetingHub Paperless Meetings are affected. The vendor recommends applying the patch released on 20251210 or any later version to eliminate the flaw. All deployments that use MeetingHub without this update are potentially vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity, while the EPSS of less than 1% suggests a low probability of exploitation in the wild at this time. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers can exploit the flaw remotely by sending unauthenticated HTTP or HTTPS requests to exposed API endpoints, a vector inferred from the lack of required authentication in the description. Because the flaw exposes sensitive data, it is advisable to mitigate promptly.

Generated by OpenCVE AI on April 18, 2026 at 03:50 UTC.

Remediation

Vendor Solution

Install the patch with version 20251210 or later.


OpenCVE Recommended Actions

  • Install the vendor‑supplied patch 20251210 or later to disable unauthenticated API access.
  • Configure network controls to restrict access to the MeetingHub API endpoints exclusively to trusted hosts or internal networks.
  • Verify that all API endpoints enforce authentication and authorization before processing requests, and monitor logs for any unauthenticated activity.



Advisories

No advisories yet.

History

Tue, 17 Feb 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Hamastar meetinghub Paperless Meetings
CPEs cpe:2.3:a:hamastar:meetinghub_paperless_meetings:*:*:*:*:*:*:*:*
Vendors & Products Hamastar meetinghub Paperless Meetings

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Hamastar
Hamastar meetinghub
Vendors & Products Hamastar
Hamastar meetinghub

Thu, 22 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 22 Jan 2026 09:30:00 +0000

Type Values Removed Values Added
Description MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific API functions and obtain meeting-related information.
Title HAMASTAR Technology|MeetingHub - Missing Authentication
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-01-22T14:18:47.073Z

Reserved: 2026-01-22T07:56:36.983Z

Link: CVE-2026-1332

Vulnrichment

Updated: 2026-01-22T14:18:39.443Z

NVD

Status : Analyzed

Published: 2026-01-22T10:16:07.970

Modified: 2026-02-17T19:16:13.437

Link: CVE-2026-1332

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T04:00:08Z

Weaknesses