PatchSiren cyber security CVE debrief
CVE-2026-34033 Apache CVE debrief
CVE-2026-34033 is a MEDIUM severity vulnerability in Apache Answer through 2.0.0, allowing authenticated users to inject arbitrary HTML into emails sent to other users due to improper neutralization of script-related HTML tags. Users are recommended to upgrade to version 2.0.1 to fix the issue.
- Vendor: Apache
- Product: Answer
- CVSS: MEDIUM 5.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-11
Who should care
Users of Apache Answer through version 2.0.0 should be aware of this vulnerability and take action to upgrade to version 2.0.1.
Technical summary
The vulnerability is caused by user-supplied content being included in notification emails without proper escaping. This allows authenticated users to inject arbitrary HTML into emails sent to other users.
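The flaw class described above, as an added example in Go: the same notification body rendered without and with HTML escaping. This is not Apache Answer's code; the template text, the `notice` type and all function names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	"io"
	"strings"
	texttemplate "text/template"
)

// Constructed notification body for illustration; not Apache Answer's template.
const mailBody = `<p>{{.Author}} commented:</p><blockquote>{{.Comment}}</blockquote>`

// notice holds the user-controlled fields that end up in the email (hypothetical type).
type notice struct{ Author, Comment string }

// executor is satisfied by both text/template and html/template templates.
type executor interface {
	Execute(w io.Writer, data any) error
}

func render(t executor, n notice) (string, error) {
	var buf bytes.Buffer
	err := t.Execute(&buf, n)
	return buf.String(), err
}

// renderUnescaped shows the flaw class: text/template copies fields verbatim.
func renderUnescaped(n notice) (string, error) {
	return render(texttemplate.Must(texttemplate.New("mail").Parse(mailBody)), n)
}

// renderEscaped uses html/template, which escapes fields for the HTML context.
func renderEscaped(n notice) (string, error) {
	return render(htmltemplate.Must(htmltemplate.New("mail").Parse(mailBody)), n)
}

// hasLiveTag reports whether an opening <tag survives as markup in the body.
func hasLiveTag(body, tag string) bool {
	return strings.Contains(strings.ToLower(body), "<"+tag)
}

func main() {
	// Constructed sample input.
	n := notice{Author: "alice", Comment: `see <a href="https://example.invalid/">this</a>`}
	raw, _ := renderUnescaped(n)
	safe, _ := renderEscaped(n)
	fmt.Println(hasLiveTag(raw, "a"), raw)
	fmt.Println(hasLiveTag(safe, "a"), safe)
}
```

A check like `hasLiveTag` can serve as a regression test over rendered notification bodies after upgrading.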
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to version 2.0.1 of Apache Answer.
Evidence notes
The vulnerability affects Apache Answer through version 2.0.0. The CVSS score is 5.4, indicating a MEDIUM severity vulnerability.
Official resources
- CVE-2026-34033 CVE record (CVE.org)
- CVE-2026-34033 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: [email protected] - Mailing List
- Source reference: af854a3a-2127-422b-91ae-364da2661108 - Mailing List
CVE-2026-34033 was published on [2026-06-09T09:16:29.420Z](https://www.cve.org/CVERecord?id=CVE-2026-34033) and modified on [2026-06-11T15:35:48.940Z](https://nvd.nist.gov/vuln/detail/CVE-2026-34033).