CVE-2026-25699
CVE-2026-25699 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. EPSS estimates a 0.41% chance of exploitation in the next 30 days.
Description
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and its revision history. Users are recommended to upgrade to version 2.0.1, which fixes the issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Answer | < 2.0.1 |
References
- https://lists.apache.org/thread/c36k4hzwhncqo0qfn5fg57f1gkjhyfv8 (Mailing List, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2026/06/09/6 (Mailing List, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
