CVE-2026-24735: Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability

February 4, 2026

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.7.1.

An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted or sensitive information. Users are recommended to upgrade to version 2.0.0, which fixes the issue.

References

github.com/advisories/GHSA-5w5r-8xc6-2xhw
github.com/apache/answer
lists.apache.org/thread/whxloom7mpxlyt5wzdskflsg5mzdzd60
nvd.nist.gov/vuln/detail/CVE-2026-24735

Code Behaviors & Features

Detect and mitigate CVE-2026-24735 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →