PatchSiren cyber security CVE debrief
CVE-2026-25699 Apache CVE debrief
CVE-2026-25699 is a MEDIUM severity vulnerability in Apache Answer through 2.0.0. The issue arises from timeline-related APIs lacking proper authorization checks, which allowed regular authenticated users to access deleted, private, or unapproved content and its revision history. Users are recommended to upgrade to version 2.0.1, which fixes the issue. The vulnerability has a CVSS score of 6.1 and was published on [2026-06-09](https://www.cve.org/CVERecord?id=CVE-2026-25699).
- Vendor: Apache
- Product: Answer
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
Users of Apache Answer through version 2.0.0 are affected. Because the flaw is reachable by any regular authenticated user, they should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by a lack of proper authorization checks in timeline-related APIs. This allows regular authenticated users to access deleted, private, or unapproved content and its revision history.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to version 2.0.1 of Apache Answer.
Evidence notes
The vulnerability was published on [2026-06-09](https://www.cve.org/CVERecord?id=CVE-2026-25699) and has a CVSS score of 6.1.
Official resources
- CVE-2026-25699 CVE record (CVE.org)
- CVE-2026-25699 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Mailing List, Vendor Advisory
- Mitigation or vendor reference: af854a3a-2127-422b-91ae-364da2661108 - Mailing List, Third Party Advisory
CVE-2026-25699 was published on 2026-06-09T09:16:28.913Z and modified on 2026-06-10T13:38:12.950Z.