CVE-2026-24735
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2026-24735, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-04

Last updated on: 2026-02-06

Assigner: Apache Software Foundation

Description

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or sensitive information. Users are recommended to upgrade to version 2.0.0, which fixes the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-04
Last Modified
2026-02-06
Generated
2026-07-06
AI Q&A
2026-02-04
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
apache answer to 2.0.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-359 The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in Apache Answer versions up to 1.7.1 involves an unauthenticated API endpoint that incorrectly exposes the full revision history for deleted content.

Because of this flaw, unauthorized users can retrieve restricted or sensitive information that should not be accessible to them.

The issue is fixed in version 2.0.0, which users are recommended to upgrade to.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of private or sensitive information by allowing unauthenticated users to access the full revision history of deleted content.

Such exposure can result in data breaches, loss of confidentiality, and potential misuse of the exposed information.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

Users are recommended to upgrade Apache Answer to version 2.0.0, which fixes the issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24735. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart