CVE-2026-34031
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
The vulnerability in Apache Answer allows unrestricted upload of files with dangerous types. This issue affects versions up to 2.0.0 and is due to insufficient validation of user-supplied image URLs.
Risk Assessment
Improper validation of URLs may lead to embedding malicious content, exposing users to unintended external requests and tracking by third-party servers.
Recommendation
It is recommended to upgrade to version 2.0.1, which fixes the issue.
Original NVD description (English source)
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to unintended external requests and tracking by third-party servers. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

