CVE-2026-24735

HIGH

Apache Answer <2.0.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or sensitive information. Users are recommended to upgrade to version 2.0.0, which fixes the issue.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.apache.org/thread/whxloom7mpxlyt5wzdskflsg5mzdzd60
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/02/04/1

Scores

CVSS v3 7.5
EPSS 0.0062
EPSS Percentile 44.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-359
Status published
Products (2)
apache/answer < 2.0.0
apache/answer 0 - 2.0.0Go
Published Feb 04, 2026
Tracked Since Feb 18, 2026