← volver
CVE-2026-25699

Apache Answer: Authorization Bypass in Timeline API

CVSS 6.1 MEDIUMEPSS 0.4%CWE-359
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
09 jun 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and its revision history. Users are recommended to upgrade to version 2.0.1, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Apache Software Foundation · Apache Answer

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lists.apache.org/thread/c36k4hzwhncqo0qfn5fg57f1gkjhyfv8http://www.openwall.com/lists/oss-security/2026/06/09/6