PT-2026-6207 · Apache · Apache Answer

Sho Odagiri · Published 2026-02-04 · Updated 2026-02-09 · CVE-2026-24735

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Answer versions through 1.7.1
github.com/apache/answer versions prior to 2.0.0

Description

An issue exists in Apache Answer where an unauthenticated API endpoint incorrectly exposes the full revision history of deleted content. This allows an unauthorized user to retrieve restricted or sensitive information. Approximately 8.5K services are estimated to be affected worldwide. The vulnerable endpoint allows access to data that should be restricted.

Recommendations

Upgrade to version 2.0.0 to resolve the issue for Apache Answer versions through 1.7.1.
Upgrade to version 2.0.0 to resolve the issue for github.com/apache/answer versions prior to 2.0.0.

Fix

Weakness Enumeration

Related identifiers

CVE-2026-24735
GHSA-5W5R-8XC6-2XHW
GO-2026-4421
SUSE-SU-2026:0403-1

Affected products

Apache Answer