Apache Answer: Authorization Bypass in Timeline API_CVE-2026-25699

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer.

This issue affects Apache Answer: through 2.0.0.

Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and its revision history.
Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Basic Information

ID CVE-2026-25699

Source apache

Published Jun 9, 2026 at 07:33

Modified Jun 9, 2026 at 14:58

Affected Product

Vendor Apache Software Foundation

Product Apache Answer

Affected Versions Apache Software Foundation Apache Answer 0

CWE Classification

CWE-359

References

lists.apache.org /thread/c36k4hzwhncqo0qfn5fg57f1gkjhyfv8

{
    "lastseen": "",
    "description": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 2.0.0.\n\nTimeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and its revision history.\nUsers are recommended to upgrade to version 2.0.1, which fixes the issue.",
    "published": "2026-06-09T07:33:18.349Z",
    "modified": "2026-06-09T14:58:00.387Z",
    "type": "cve",
    "title": "Apache Answer: Authorization Bypass in Timeline API",
    "source": "apache",
    "references": "https://lists.apache.org/thread/c36k4hzwhncqo0qfn5fg57f1gkjhyfv8",
    "id": "CVE-2026-25699",
    "bulletinFamily": "",
    "cwe": [
        "CWE-359"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Answer 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Answer",
    "version": "0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}