CVE Catalog

CVE-2026-34031

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

8th percentile - higher than 8% of all known CVEs

Summary

The vulnerability in Apache Answer allows unrestricted upload of files with dangerous types. This issue affects versions up to 2.0.0 and is due to insufficient validation of user-supplied image URLs.

Risk Assessment

Improper validation of URLs may lead to embedding malicious content, exposing users to unintended external requests and tracking by third-party servers.

Recommendation

It is recommended to upgrade to version 2.0.1, which fixes the issue.

Original NVD description (English source)

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to unintended external requests and tracking by third-party servers. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS