CVE Catalog

CVE-2026-25699

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

8th percentile - higher than 8% of all known CVEs

Summary

CVE-2026-25699 in Apache Answer exposes private personal information to unauthorized actors. Versions up to 2.0.0 lack proper authorization checks in timeline-related APIs, allowing authenticated users to access deleted, private, or unapproved content and its revision history.

Risk Assessment

Organizations may be at risk of leaking sensitive personal data, leading to privacy violations and potential legal consequences.

Recommendation

It is recommended to upgrade to version 2.0.1, which fixes the issue.

Original NVD description (English source)

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and its revision history. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS