CVE-2026-34033
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
CVE-2026-34033 is a vulnerability related to improper neutralization of script-related HTML tags in Apache Answer up to version 2.0.0. It allows authenticated users to inject arbitrary HTML into emails sent to other users.
Risk Assessment
The risk associated with this vulnerability is the potential for malicious HTML code injection, which could lead to XSS attacks and compromise user privacy.
Recommendation
It is recommended to upgrade to version 2.0.1, which fixes the issue.
Original NVD description (English source)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML into emails sent to other users. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

