
Apache Answer EUVD-2026-35372

CVE-2026-34905 · MEDIUM
Information Exposure (CWE-200)
CVSS 3.1 score 6.5 (NVD)

Severity by source

NVD (primary): 6.5 MEDIUM
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD; the only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline (2 events)

CVSS changed: Jun 09, 2026 - 16:22, NVD, 6.5 (MEDIUM)
Analysis generated: Jun 09, 2026 - 08:18, vuln.today

Description (pre-NVD)

Disclosed via oss-security. NVD scoring and full description are pending.

Analysis (AI)

Unauthorized information disclosure in Apache Answer through 2.0.0 allows authenticated users to bypass access restrictions on the 'unlisted question' feature by querying direct API endpoints. Rather than enforcing the same visibility controls applied at the UI layer, the underlying API routes expose unlisted questions along with their associated answers, comments, and full revision history to any authenticated user. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Obtain authenticated session on Answer instance
Exploit: Identify or enumerate unlisted question ID
Execution: Send direct API request bypassing UI access check
Impact: Receive full question content, answers, comments, and revision history

Vulnerability Assessment (AI)

Exploitation: Exploitation requires an authenticated session on the target Apache Answer instance; the attacker must hold a valid user account. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: No CVSS vector was provided, so attack vector, complexity, and privilege level cannot be confirmed from scoring metadata. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An authenticated user registers or logs into an Apache Answer instance and, knowing or guessing a question ID (e.g., via sequential enumeration or a leaked URL fragment), sends a direct HTTP request to the relevant API endpoint, bypassing the UI visibility check. The API returns the full question body, all answers, comments, and revision history for the unlisted question without verifying the caller's authorization. …

Remediation: Upgrade to Apache Answer version 2.0.1, which is confirmed by the Apache security advisory (https://answer.apache.org) to address this issue. … Detailed patch versions, workarounds, and compensating controls in full report.


EUVD-2026-35372 vulnerability details – vuln.today
