QSearchQSearch

CVE-2026-34905

6.5 MEDIUM

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer

Published: 2026-06-09 · Last updated: 2026-06-10

Severity and scoring

CVSS
6.5 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-200

Affected products

VendorProduct
apacheanswer

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted questions, their answers, comments, and revision history. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-34031 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)
  • CVE-2026-33582 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)
  • CVE-2026-25699 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer (6.1 MEDIUM)
  • CVE-2026-25688 Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer (6.1 MEDIUM)
  • CVE-2026-49975 Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)

Same CWE

  • CVE-2026-49219 ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
  • CVE-2026-47165 ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)
  • CVE-2026-48855 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery
  • CVE-2026-45329 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework (7.1 HIGH)
  • CVE-2026-36719 An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain ... (7.5 HIGH)