CVE-2026-24735
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-02-04

Last updated on: 2026-02-06

Assigner: Apache Software Foundation

Description
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or sensitive information. Users are recommended to upgrade to version 2.0.0, which fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-06
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24735
EUVD
EUVD-2026-5384
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache answer to 2.0.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-359 The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Apache Answer versions up to 1.7.1 involves an unauthenticated API endpoint that incorrectly exposes the full revision history for deleted content.

Because of this flaw, unauthorized users can retrieve restricted or sensitive information that should not be accessible to them.

The issue is fixed in version 2.0.0, which users are recommended to upgrade to.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of private or sensitive information by allowing unauthenticated users to access the full revision history of deleted content.

Such exposure can result in data breaches, loss of confidentiality, and potential misuse of the exposed information.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

Users are recommended to upgrade Apache Answer to version 2.0.0, which fixes the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24735. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart