CVE-2026-25699

6.1 MEDIUM

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer

Published: 2026-06-09 · Last updated: 2026-06-10

Severity and scoring

CVSS: 6.1 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-359

Affected products

Vendor	Product
apache	answer

Description

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and its revision history. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-25699
[Vendor advisory]https://lists.apache.org/thread/c36k4hzwhncqo0qfn5fg57f1gkjhyfv8
[Other]http://www.openwall.com/lists/oss-security/2026/06/09/6

Related CVEs

Same vendor

CVE-2026-34905 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer (6.5 MEDIUM)
CVE-2026-34031 — Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)
CVE-2026-33582 — Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)
CVE-2026-25688 — Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer (6.1 MEDIUM)
CVE-2026-49975 — Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)

Same CWE

CVE-2026-26237 — A missing authorization vulnerability has been reported to affect QuMagie
CVE-2020-25900 — HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city (5.3 MEDIUM)
CVE-2026-8990 — A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full acc...
CVE-2025-13477 — Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operatio... (7.1 HIGH)
CVE-2026-7382 — Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerabili... (6.5 MEDIUM)