Apache Answer: Revision API Improper Access Control leads to Information...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.7.1.

An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or sensitive information.
Users are recommended to upgrade to version 2.0.0, which fixes the issue.

Basic Information

ID CVE-2026-24735

Source apache

Published Feb 4, 2026 at 10:41

Modified Feb 4, 2026 at 15:43

Affected Product

Vendor Apache Software Foundation

Product Apache Answer

Affected Versions Apache Software Foundation Apache Answer 0

CWE Classification

CWE-359

References

lists.apache.org /thread/whxloom7mpxlyt5wzdskflsg5mzdzd60

{
    "lastseen": "",
    "description": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.7.1.\n\nAn unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or sensitive information.\nUsers are recommended to upgrade to version 2.0.0, which fixes the issue.",
    "published": "2026-02-04T10:41:58.990Z",
    "modified": "2026-02-04T15:43:47.928Z",
    "type": "cve",
    "title": "Apache Answer: Revision API Improper Access Control leads to Information Disclosure",
    "source": "apache",
    "references": "https://lists.apache.org/thread/whxloom7mpxlyt5wzdskflsg5mzdzd60",
    "id": "CVE-2026-24735",
    "bulletinFamily": "",
    "cwe": [
        "CWE-359"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Answer 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Answer",
    "version": "0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Apache Answer: Revision API Improper Access Control leads to Information Disclosure_CVE-2026-24735