Unauthorized Access to Deleted Content in Apache Answer
CVE-2026-24735

7.5 HIGH

Key Information:

Vendor

Apache

CVE Published:
4 February 2026

What is CVE-2026-24735?

CVE-2026-24735 is a security vulnerability found in Apache Answer, an open-source software solution that provides an API for creating, managing, and retrieving data on content stored within the system. This vulnerability arises from an improperly secured API endpoint that allows unauthorized access to the full revision history of deleted content. This flaw poses a considerable risk to organizations as it could enable malicious actors to retrieve sensitive and private information that should have been permanently erased. The design oversight in the API increases the attack surface for potential data breaches, leading organizations to face significant compliance and reputational consequences.

To mitigate this vulnerability, it is recommended that users upgrade to version 2.0.0 or later of Apache Answer, which rectifies this security issue.

Potential impact of CVE-2026-24735

  1. Data Exposure: The vulnerability allows unauthorized users to access sensitive information that was deleted but still retrievable through the exposed API endpoint. This could lead to unauthorized disclosure of personally identifiable information (PII) or confidential organizational data.

  2. Compliance Risks: Organizations storing sensitive data must comply with various data protection regulations (such as GDPR or HIPAA). Failure to adequately protect data, particularly information that should have been deleted, may result in significant financial penalties and legal ramifications.

  3. Reputational Damage: A data breach arising from this vulnerability could severely damage an organization’s reputation, eroding customer trust and diminishing professional relationships. The fallout from such an incident may also hinder future business opportunities and partnerships.

Affected Version(s)

Apache Answer: versions 0 through 1.7.1

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sho Odagiri of GMO Cybersecurity by Ierae, Inc.