CVE Catalog

CVE-2026-34033

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile - higher than 9% of all known CVEs

Summary

CVE-2026-34033 is a vulnerability related to improper neutralization of script-related HTML tags in Apache Answer up to version 2.0.0. It allows authenticated users to inject arbitrary HTML into emails sent to other users.

Risk Assessment

The risk associated with this vulnerability is the potential for malicious HTML code injection, which could lead to XSS attacks and compromise user privacy.

Recommendation

It is recommended to upgrade to version 2.0.1, which fixes the issue.

Original NVD description (English source)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML into emails sent to other users. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS