CVE-2026-25700EPSS p27.3%

CVE-2026-25700CVE-2026-25700

apache / answer

Description

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to administrative APIs until the token expired. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Scoring

CVSS 7.2 ()
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS0.36% probability of exploitation · percentile 27.3% · 2026-06-18T12:00:27Z
Last modified2026-06-12

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-25699
CVE
CVE-2026-34905
CVE
CVE-2026-25688
CVE
CVE-2026-34033
CVE
CVE-2025-10611
CVE
CVE-2026-34031
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.