Apache Answer: The custom avatar was not properly validated
CVE-2026-34031

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Answer
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-34031?

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.

This issue affects Apache Answer: through 2.0.0.

The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to unintended external requests and tracking by third-party servers. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Affected Version(s)

Apache Answer 0 <= 2.0.0

References

https://lists.apache.org/thread/rwtxy39t54to9kv3dqtbjsbdp...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
Mar 25, 2026

Credit

Reimar Fritz

CVE-2026-34031 Data

JSON