
Apache Answer CVE-2026-25699

EUVD-2026-35368 · MEDIUM
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359)
CVSS 3.1 (NVD): 6.1

Severity by source

NVD (primary): 6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

CVSS changed: Jun 09, 2026 16:22 (NVD), 6.1 (MEDIUM)
Analysis generated: Jun 09, 2026 08:16 (vuln.today)

Description (pre-NVD)

Disclosed via oss-security. NVD scoring and full description are pending.

Analysis (AI)

Apache Answer's Timeline API endpoints through version 2.0.0 fail to enforce authorization, exposing deleted, private, and unapproved content, along with full revision histories, to any authenticated regular user. The vulnerability is an information disclosure flaw affecting all Apache Answer deployments (community forums, help centers, knowledge platforms) running 2.0.0 or earlier. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Register or obtain regular user account
Delivery: Authenticate to Apache Answer instance
Exploit: Enumerate content object IDs
Execution: Send requests to Timeline API endpoints
Persist: Retrieve deleted, private, or unapproved content
Impact: Exfiltrate sensitive data and revision histories

Vulnerability Assessment (AI)

Exploitation: A valid regular user account on the target Apache Answer instance is required; unauthenticated exploitation is not possible. …
Risk Assessment: No CVSS vector or EPSS score was included in the available data, preventing quantitative risk scoring. …
Exploit Scenario: An attacker registers a standard user account on an Apache Answer instance running 2.0.0 or earlier, or uses an existing credential, then issues direct HTTP requests to the Timeline API endpoints with IDs of content objects they should not be permitted to view. By enumerating content identifiers, the attacker retrieves deleted posts that moderators removed, private questions restricted to specific users, pending unapproved submissions, and the full revision history of any such content. …
Remediation: Upgrade to Apache Answer version 2.0.1, which the vendor's oss-security advisory confirms as the fix for the missing authorization checks in the Timeline API. …

Recommended Action (AI)

24 hours: Inventory all Apache Answer instances and current versions; disable user self-registration if operationally feasible; search access logs for Timeline API requests from non-administrative accounts. …
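As an added example (not from vuln.today or the Apache Answer project), a triage script for the access-log search recommended above. It assumes an Nginx combined-format log with the authenticated user name appended as a final field, a role map taken from the Answer admin user list, and a timeline endpoint at /answer/api/v1/timeline that takes an object_id query parameter; all three are assumptions to adjust for your deployment.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption (not from the advisory): the timeline endpoint path and its
# "object_id" query parameter. Adjust both to match your deployment.
TIMELINE_PATH = "/answer/api/v1/timeline"

# Nginx "combined" format with the authenticated user name appended as a
# final field by a custom log_format; roles come from the admin user list.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<user>\S+)$'
)
ROLES = {"alice": "admin", "bob": "user", "mallory": "user"}

# Constructed sample log: alice (admin) reviews one item, bob (user) views
# one object, mallory (user) walks sequential object ids with a script.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Jun/2026:10:00:01 +0000] "GET /answer/api/v1/timeline?object_id=10010000000000001&show_vote=false HTTP/1.1" 200 812 "-" "Mozilla/5.0" alice
10.0.0.7 - - [09/Jun/2026:10:00:02 +0000] "GET /answer/api/v1/timeline?object_id=10010000000000002 HTTP/1.1" 200 640 "-" "Mozilla/5.0" bob
10.0.0.9 - - [09/Jun/2026:10:00:03 +0000] "GET /answer/api/v1/timeline?object_id=10010000000000003 HTTP/1.1" 200 701 "-" "python-requests/2.31" mallory
10.0.0.9 - - [09/Jun/2026:10:00:03 +0000] "GET /answer/api/v1/timeline?object_id=10010000000000004 HTTP/1.1" 200 655 "-" "python-requests/2.31" mallory
10.0.0.9 - - [09/Jun/2026:10:00:04 +0000] "GET /answer/api/v1/timeline?object_id=10010000000000005 HTTP/1.1" 200 698 "-" "python-requests/2.31" mallory
10.0.0.9 - - [09/Jun/2026:10:00:04 +0000] "GET /answer/api/v1/questions/page?page=1 HTTP/1.1" 200 2210 "-" "python-requests/2.31" mallory
"""

def timeline_hits_by_user(log_text, roles):
    """Map each non-admin user to the object ids they fetched from the
    timeline endpoint with a 2xx response. Unknown users count as non-admin."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue
        url = urlsplit(m["path"])
        if url.path != TIMELINE_PATH or roles.get(m["user"]) == "admin":
            continue
        oid = parse_qs(url.query).get("object_id", ["?"])[0]
        hits[m["user"]].append(oid)
    return dict(hits)

def likely_enumerators(hits, threshold=3):
    """Users that fetched timelines for at least `threshold` distinct objects."""
    return sorted(u for u, ids in hits.items() if len(set(ids)) >= threshold)

if __name__ == "__main__":
    hits = timeline_hits_by_user(SAMPLE_LOG, ROLES)
    print("non-admin timeline hits:", {u: len(set(i)) for u, i in hits.items()})
    print("enumeration candidates:", likely_enumerators(hits))
```

Every non-admin hit is worth reviewing on an unpatched instance; the threshold only ranks users who touched many distinct objects first.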


CVE-2026-25699 vulnerability details – vuln.today
