PatchSiren cyber security CVE debrief
CVE-2026-25700 Apache CVE debrief
CVE-2026-25700 is a HIGH severity vulnerability in Apache Answer, with a CVSS score of 7.2. The vulnerability is caused by improper restriction of security token assignment, allowing previously issued administrative tokens to remain valid even after an administrator account was suspended, deleted, or deactivated. This issue affects Apache Answer through version 2.0.0. Users are recommended to upgrade to version 2.0.1, which fixes the issue.
- Vendor
- Apache
- Product
- Answer
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-12
Who should care
Users of Apache Answer through version 2.0.0 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by improper restriction of security token assignment in Apache Answer. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to administrative APIs until the token expired.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to version 2.0.1 of Apache Answer.
Evidence notes
The CVE-2026-25700 CVE record [cve-org] and NVD detail [nvd] provide information on this vulnerability.
Official resources
-
CVE-2026-25700 CVE record
CVE.org
-
CVE-2026-25700 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Mailing List, Vendor Advisory
CVE-2026-25700 was published on 2026-06-10T16:16:58.743Z and modified on 2026-06-12T00:50:20.123Z.