CVE-2026-24735
BaseFortify
Publication date: 2026-02-04
Last updated on: 2026-02-06
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | answer | to 2.0.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Apache Answer versions up to 1.7.1 involves an unauthenticated API endpoint that incorrectly exposes the full revision history for deleted content.
Because of this flaw, unauthorized users can retrieve restricted or sensitive information that should not be accessible to them.
The issue is fixed in version 2.0.0, which users are recommended to upgrade to.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of private or sensitive information by allowing unauthenticated users to access the full revision history of deleted content.
Such exposure can result in data breaches, loss of confidentiality, and potential misuse of the exposed information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade Apache Answer to version 2.0.0, which fixes the issue.