Vulnerability Details CVE-2026-25700
Improper Restriction of Security Token Assignment vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to administrative APIs until the token expired.
Users are recommended to upgrade to version 2.0.1, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.0%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2026-25700
-
cpe:2.3:a:apache:answer:-
-
cpe:2.3:a:apache:answer:0.2.0
-
cpe:2.3:a:apache:answer:0.3.0
-
cpe:2.3:a:apache:answer:0.4.0
-
cpe:2.3:a:apache:answer:0.4.1
-
cpe:2.3:a:apache:answer:0.4.2
-
cpe:2.3:a:apache:answer:0.5.0
-
cpe:2.3:a:apache:answer:1.0.0
-
cpe:2.3:a:apache:answer:1.0.1
-
cpe:2.3:a:apache:answer:1.0.2
-
cpe:2.3:a:apache:answer:1.0.3
-
cpe:2.3:a:apache:answer:1.0.4
-
cpe:2.3:a:apache:answer:1.0.5
-
cpe:2.3:a:apache:answer:1.0.6
-
cpe:2.3:a:apache:answer:1.0.7
-
cpe:2.3:a:apache:answer:1.0.8
-
cpe:2.3:a:apache:answer:1.0.9
-
cpe:2.3:a:apache:answer:1.1.0
-
cpe:2.3:a:apache:answer:1.1.1
-
cpe:2.3:a:apache:answer:1.1.2
-
cpe:2.3:a:apache:answer:1.1.3
-
cpe:2.3:a:apache:answer:1.2.0
-
cpe:2.3:a:apache:answer:1.2.1
-
cpe:2.3:a:apache:answer:1.2.5
-
cpe:2.3:a:apache:answer:1.3.0
-
cpe:2.3:a:apache:answer:1.3.1
-
cpe:2.3:a:apache:answer:1.3.5
-
cpe:2.3:a:apache:answer:1.3.6
-
cpe:2.3:a:apache:answer:1.4.0
-
cpe:2.3:a:apache:answer:1.4.1
-
cpe:2.3:a:apache:answer:1.4.2
-
cpe:2.3:a:apache:answer:1.4.5
-
cpe:2.3:a:apache:answer:1.5.0
-
cpe:2.3:a:apache:answer:1.5.1
-
cpe:2.3:a:apache:answer:1.6.0
-
cpe:2.3:a:apache:answer:1.7.0
-
cpe:2.3:a:apache:answer:1.7.1
-
cpe:2.3:a:apache:answer:2.0.0