PT-2026-6207 · Apache · Apache Answer
Sho Odagiri · Published 2026-02-04 · Updated 2026-02-09
CVE-2026-24735
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache Answer versions through 1.7.1
github.com/apache/answer versions prior to 2.0.0
Description
Apache Answer exposes the full revision history of deleted content through an unauthenticated API endpoint. This allows an unauthorized user to retrieve restricted or sensitive information that should no longer be accessible. Approximately 8.5K services are estimated to be affected worldwide.
Recommendations
Upgrade to version 2.0.0 to resolve the issue for Apache Answer versions through 1.7.1.
Upgrade to version 2.0.0 to resolve the issue for github.com/apache/answer versions prior to 2.0.0.
Affected Products
Apache Answer