CVE-2026-34905
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
A vulnerability in Apache Answer allows unauthorized users to access sensitive information, such as unlisted questions, answers, comments, and revision history. The issue affects versions up to 2.0.0.
Risk Assessment
The organization may be exposed to the disclosure of confidential data, potentially leading to privacy breaches and loss of trust.
Recommendation
It is recommended to upgrade to version 2.0.1, which fixes the issue.
Original NVD description (English source)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted questions, their answers, comments, and revision history. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

