CVE-2026-24735
📋 TL;DR
An unauthenticated API endpoint in Apache Answer exposes full revision history for deleted content, allowing unauthorized users to retrieve sensitive information. This affects all Apache Answer installations through version 1.7.1. The vulnerability enables access to restricted data that should remain private.
💻 Affected Systems
- Apache Answer
📦 What is this software?
Answer by Apache
⚠️ Risk & Real-World Impact
Worst Case
Mass exposure of sensitive personal information, deleted confidential content, or private user data leading to regulatory violations and reputational damage.
Likely Case
Unauthorized access to deleted posts, comments, or user information that could contain personal details or sensitive discussions.
If Mitigated
Limited exposure if system contains minimal sensitive data or if network controls block unauthenticated API access.
🎯 Exploit Status
The vulnerability requires no authentication and involves simple API calls. Attack tools could easily be developed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.0
Vendor Advisory: https://lists.apache.org/thread/whxloom7mpxlyt5wzdskflsg5mzdzd60
Restart Required: Yes
Instructions:
1. Back up your Apache Answer installation and database.
2. Download Apache Answer 2.0.0 from the official Apache website.
3. Replace the existing installation with the version 2.0.0 files.
4. Restart the Apache Answer service or web server.
5. Verify that the upgrade was successful.
🔧 Temporary Workarounds
Block Unauthenticated API Access
Configure web server or firewall rules to block unauthenticated access to the vulnerable API endpoint.
# Example nginx location block
location ~ ^/api/.*$ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
}
Disable Revision History API
Modify the Apache Answer configuration to disable the revision history functionality.
# Edit config file to disable revision API
# Set revision.enabled=false in application configuration
🧯 If You Can't Patch
- Implement strict network access controls to limit API endpoint access to authorized users only
- Monitor API access logs for suspicious patterns and unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Attempt to access the revision history API endpoint without authentication. If it returns deleted content, the system is vulnerable.
Check Version:
Check the version in the admin panel or examine the application's version file.
Verify Fix Applied:
After upgrading to 2.0.0, attempt the same unauthenticated API call. It should return an authentication error or empty response.
📡 Detection & Monitoring
Log Indicators:
- Multiple unauthenticated requests to API endpoints related to revision history
- Access patterns showing retrieval of deleted content IDs
Network Indicators:
- Unusual volume of GET requests to /api/revision/* endpoints from unauthenticated sources
SIEM Query:
source="apache_answer" AND (uri_path="/api/revision/*" OR uri_path="/api/history/*") AND http_status=200 AND auth_status="unauthenticated"
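The SIEM query above, expressed as a small Python check that can be run over web server access logs when no SIEM is available. This is an added example, not part of the advisory or of Apache Answer; the log format (a custom nginx format with an appended auth field), the sample lines, and the /api/revision and /api/history paths (taken from the query above) are assumptions to adjust to the deployed routes and log format.

```python
import re
from collections import Counter

# Assumed custom access-log format: standard nginx fields followed by
# auth="<value>", where "-" means no Authorization header was sent.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \d+ auth="(?P<auth>[^"]*)"$'
)

# Paths taken from the advisory's SIEM query; adjust to the deployed routes.
REVISION_PATHS = re.compile(r'^/api/(revision|history)/')

# Constructed sample log lines (not real Apache Answer traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2026:12:00:01 +0000] "GET /api/revision/101 HTTP/1.1" 200 842 auth="-"
203.0.113.7 - - [10/Feb/2026:12:00:02 +0000] "GET /api/revision/102 HTTP/1.1" 200 911 auth="-"
203.0.113.7 - - [10/Feb/2026:12:00:03 +0000] "GET /api/revision/103 HTTP/1.1" 200 777 auth="-"
198.51.100.4 - - [10/Feb/2026:12:00:04 +0000] "GET /api/revision/101 HTTP/1.1" 200 842 auth="Bearer"
198.51.100.4 - - [10/Feb/2026:12:00:05 +0000] "GET /api/question/55 HTTP/1.1" 200 1203 auth="-"
203.0.113.7 - - [10/Feb/2026:12:00:06 +0000] "GET /api/revision/104 HTTP/1.1" 401 0 auth="-"
"""


def find_suspect_sources(log_text, threshold=3):
    """Return {ip: count} for sources with at least `threshold` successful
    (HTTP 200), unauthenticated requests to revision/history paths.
    A 401 or an authenticated request is not counted as a hit."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        if (m["status"] == "200"
                and m["auth"] == "-"
                and REVISION_PATHS.match(m["path"])):
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in find_suspect_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} unauthenticated revision reads returned 200")
```

Lowering the threshold to 1 still excludes the authenticated source and the unauthenticated request to a non-revision path, which keeps the check focused on the access pattern the advisory describes.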