CVE-2026-25699
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
CVE-2026-25699 in Apache Answer exposes private personal information to unauthorized actors. Versions up to 2.0.0 lack proper authorization checks in timeline-related APIs, allowing authenticated users to access deleted, private, or unapproved content and its revision history.
Risk Assessment
Organizations may be at risk of leaking sensitive personal data, leading to privacy violations and potential legal consequences.
Recommendation
It is recommended to upgrade to version 2.0.1, which fixes the issue.
Original NVD description (English source)
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and its revision history. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

