PatchSiren cyber security CVE debrief
CVE-2026-34905 Apache CVE debrief
CVE-2026-34905 is a MEDIUM-severity vulnerability in Apache Answer, a question-and-answer platform. The issue affects Apache Answer through version 2.0.0 and allows authenticated users to discover and access unlisted questions, their answers, comments, and revision history due to insufficient access restrictions on direct API endpoints for unlisted questions. The CVSS score for this vulnerability is 6.5.
- Vendor
- Apache
- Product
- Answer
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Users of Apache Answer through version 2.0.0 should be aware of this vulnerability and take action to mitigate it.
Technical summary
The unlisted question feature in Apache Answer did not enforce access restrictions on direct API endpoints. This allowed authenticated users to discover and access unlisted questions, their answers, comments, and revision history.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to Apache Answer version 2.0.1 or later.
Evidence notes
The CVE-2026-34905 vulnerability was published on [cvePublishedAt] and modified on [cveModifiedAt].
Official resources
-
CVE-2026-34905 CVE record
CVE.org
-
CVE-2026-34905 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Mailing List, Third Party Advisory
-
Source reference
af854a3a-2127-422b-91ae-364da2661108 - Issue Tracking
CVE-2026-34905 was published on 2026-06-09T09:16:29.537Z and modified on 2026-06-10T13:28:00.587Z.