CVE-2026-25700
Last modified
CVE-2026-25700 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to administrative APIs until the token expired. Users are recommended to upgrade to version 2.0.1, which fixes the issue.. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to administrative APIs until the token expired. Users are recommended to upgrade to version 2.0.1, which fixes the issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Answer | < 2.0.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2026-25700?
How severe is CVE-2026-25700?
How do I fix CVE-2026-25700?
Are you affected by CVE-2026-25700?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST