CVE-2026-25688
CVE-2026-25688 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. It is an Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer, affecting versions through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are recommended to upgrade to version 2.0.1, which fixes the issue. EPSS estimates a 0.41% chance of exploitation in the next 30 days.
Description
Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are recommended to upgrade to version 2.0.1, which fixes the issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Answer | < 2.0.1 |
References
- https://lists.apache.org/thread/x42joj43rqb38ms5q60f7bgq3qbo7t5q (Mailing List, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2026/06/09/7 (Mailing List, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
