What is the CVSS score of CVE-2026-25700?

CVE-2026-25700 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Which versions of Apache Answer are affected by CVE-2026-25700?

Apache Answer deployments running version 2.0.0 or earlier contain a privilege persistence flaw allowing deactivated, suspended, or deleted administrator accounts to maintain full administrative…

How to fix or mitigate CVE-2026-25700?

24 hours: Inventory all Apache Answer deployments and versions; audit administrative API logs for activity from deactivated or deleted accounts; escalate any suspicious admin access to incident response. 7 days: Deploy real-time alerting for administrative API calls from inactive accounts; implement forced token invalidation upon account deactivation (if supported by platform); conduct complete access review of all administrator accounts. 30 days: Establish upgrade timeline to Apache Answer 2.0.1 or later once available; implement additional authentication verification for administrative API endpoints; document and enforce new admin lifecycle procedures requiring forced re-authentication upon any account state change.

Apache Answer CVE-2026-25700

EUVD-2026-36059 HIGH

Improper Restriction of Security Token Assignment (CWE-1259)

2026-06-10 apache

GHSA-4gw2-vg4x-7p29

Information Disclosure Apache

7.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.2 HIGH

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 10, 2026 - 18:31 vuln.today

CVSS changed

Jun 10, 2026 - 17:22 NVD

7.2 (HIGH)

CVE Published

Jun 10, 2026 - 14:57 nvd

HIGH 7.2

CVE Published

Jun 10, 2026 - 14:57 nvd

UNKNOWN (no severity yet)

DescriptionCVE.org

Improper Restriction of Security Token Assignment vulnerability in Apache Answer.

This issue affects Apache Answer: through 2.0.0.

Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to administrative APIs until the token expired. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Articles & Coverage 1

News 12 New Apache Vulnerabilities - 6 Critical, 6 High Severity Jun 11, 2026

AnalysisAI

Privilege persistence in Apache Answer through version 2.0.0 allows suspended, deleted, or deactivated administrator accounts to retain access to administrative APIs because previously issued tokens are not invalidated upon account state change. The flaw requires high-privilege access to obtain a token initially and carries a CVSS 7.2 with full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis and SSVC marks exploitation as none.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain admin token while account active

Delivery

Account suspended or deleted by operator

Exploit

Continue calling admin API with retained token

Execution

Server skips account-state revocation check

Persist

Modify configuration or exfiltrate data

Impact

Maintain access until token TTL expires

Access

Obtain admin token while account active

Delivery

Account suspended or deleted by operator

Exploit

Continue calling admin API with retained token

Execution

Server skips account-state revocation check

Persist

Modify configuration or exfiltrate data

Impact

Maintain access until token TTL expires

Vulnerability AssessmentAI

Exploitation	Exploitation requires the attacker to possess a previously issued administrative token from Apache Answer 2.0.0 or earlier, obtained while the associated account was in good standing (CVSS PR:H). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Signals are mixed and skew lower than the 7.2 CVSS suggests for most defenders. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An organization off-boards a compromised or departing administrator by suspending their Apache Answer account, assuming this revokes access. The former admin (or anyone who captured their token) continues calling administrative endpoints - modifying site configuration, deleting content, or exfiltrating user data - using the still-valid bearer token until it expires naturally. …
Remediation	Vendor-released patch: upgrade to Apache Answer 2.0.1, which the advisory at https://lists.apache.org/thread/ftw52mlxknjm29vo1mnqovj53z2kh96y identifies as the fixed release. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all Apache Answer deployments and versions; audit administrative API logs for activity from deactivated or deleted accounts; escalate any suspicious admin access to incident response. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-25700 vulnerability details – vuln.today

Back

Apache Answer CVE-2026-25700

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Articles & Coverage 1

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code