Description
Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts. This is fixed in version 2.0.10532. No known workarounds are available.
Scores
CVSS v4
2.7
EPSS
0.0016
EPSS Percentile
36.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (1)
jitsi/jitsi-meet
< 2.0.10532
Published
Nov 13, 2025
Tracked Since
Feb 18, 2026