=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN603
_____________________________________________________________________

DATE                : 09/06/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Answer versions prior
                     to 2.0.1.

=====================================================================
https://lists.apache.org/thread/plb7jfro4nbp71wt3xhjp672xx9nwbbs
https://lists.apache.org/thread/x6175m9h6kmk99pz221x6ydfr6oh46jz
https://lists.apache.org/thread/sf7233zs354rlj2cfb505wr8smzn317x
https://lists.apache.org/thread/6ltfl07hr5z983sqw1kz2gv3w0zdzcg0
https://lists.apache.org/thread/t7p6oxh22m90o736cg1xmk4lwd1wdktt
https://lists.apache.org/thread/slt2w0gn2kxpyx5ps2cyj34bszldb9r8
_____________________________________________________________________

CVE-2026-25688: Apache Answer: XSS in AI Answer Rendering
Severity: critical 

Affected versions:

- Apache Answer through 2.0.0

Description:

Improper Neutralization of Alternate XSS Syntax vulnerability in
Apache Answer.

This issue affects Apache Answer: through 2.0.0.

AI-generated response content was rendered in the browser without
proper sanitization, allowing malicious scripts to be executed
when the content was viewed.

Users are recommended to upgrade to version 2.0.1, which fixes
the issue.

Credit:

Sho Odagiri (reporter)

References:

https://answer.apache.org
https://www.cve.org/CVERecord?id=CVE-2026-25688
_____________________________________________________________________

CVE-2026-25699: Apache Answer: Authorization Bypass in Timeline API
Severity: important 

Affected versions:

- Apache Answer through 2.0.0

Description:

Exposure of Private Personal Information to an Unauthorized Actor
vulnerability in Apache Answer.

This issue affects Apache Answer: through 2.0.0.

Timeline-related APIs lacked proper authorization checks, allowing
regular authenticated users to access deleted, private, or
unapproved content and its revision history.

Users are recommended to upgrade to version 2.0.1, which fixes the
issue.

Credit:

Sho Odagiri (reporter)

References:

https://answer.apache.org
https://www.cve.org/CVERecord?id=CVE-2026-25699
_____________________________________________________________________

CVE-2026-33582: Apache Answer: Uploading specially crafted TIFF files
causes an Out-of-Memory error

Severity: important 

Affected versions:

- Apache Answer through 2.0.0

Description:

Unrestricted Upload of File with Dangerous Type vulnerability in
Apache Answer.

This issue affects Apache Answer: through 2.0.0.

A crafted TIFF image could trigger excessive memory allocation during
image decoding, allowing an authenticated user to cause the server
process to crash.

Users are recommended to upgrade to version 2.0.1, which fixes the
issue.

Credit:

Andy Gill, ZephrSec Ltd (reporter)

References:

https://answer.apache.org
https://www.cve.org/CVERecord?id=CVE-2026-33582

_____________________________________________________________________

CVE-2026-34033: Apache Answer: HTML Content Injection in Email
Severity: important 

Affected versions:

- Apache Answer through 2.0.0

Description:

Improper Neutralization of Script-Related HTML Tags in a Web Page
(Basic XSS) vulnerability in Apache Answer.

This issue affects Apache Answer: through 2.0.0.

User-supplied content was included in notification emails without
proper escaping, allowing authenticated users to inject arbitrary
HTML into emails sent to other users.

Users are recommended to upgrade to version 2.0.1, which fixes the
issue.

Credit:

Reimar Fritz (reporter)

References:

https://answer.apache.org
https://www.cve.org/CVERecord?id=CVE-2026-34033
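
The escaping gap described above, as an added Go example (not Apache Answer's
code): one notification template rendered with text/template, which copies
user markup through, and with html/template, which escapes it. The template
text, field names and sample values are assumptions.

```go
package main

import (
	"fmt"
	htmltpl "html/template"
	"strings"
	texttpl "text/template"
)

// Hypothetical notification template and field names (assumptions for this
// example, not Apache Answer's own template).
const body = `<p>{{.DisplayName}} commented on <a href="{{.URL}}">{{.Title}}</a></p>`

// Notification holds fields that users control (DisplayName, Title).
type Notification struct{ DisplayName, Title, URL string }

// renderUnsafe uses text/template, which copies values into the markup verbatim.
func renderUnsafe(n Notification) (string, error) {
	var sb strings.Builder
	t, err := texttpl.New("mail").Parse(body)
	if err != nil {
		return "", err
	}
	err = t.Execute(&sb, n)
	return sb.String(), err
}

// renderEscaped uses html/template, which escapes each value for the HTML
// context it lands in (element text, attribute value, URL).
func renderEscaped(n Notification) (string, error) {
	var sb strings.Builder
	t, err := htmltpl.New("mail").Parse(body)
	if err != nil {
		return "", err
	}
	err = t.Execute(&sb, n)
	return sb.String(), err
}

func main() {
	// Constructed sample: markup placed in a profile display name.
	n := Notification{`<b>Site admin</b>`, "Key rotation", "https://answer.example/questions/1"}
	raw, _ := renderUnsafe(n)
	safe, _ := renderEscaped(n)
	fmt.Println("text/template:", raw)
	fmt.Println("html/template:", safe)
}
```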
_____________________________________________________________________

CVE-2026-34031: Apache Answer: The custom avatar was not properly
validated

Severity: moderate 

Affected versions:

- Apache Answer through 2.0.0

Description:

Unrestricted Upload of File with Dangerous Type vulnerability in
Apache Answer.

This issue affects Apache Answer: through 2.0.0.

The server did not sufficiently validate user-supplied image URLs,
allowing arbitrary external content to be embedded as profile images,
which could expose users to unintended external requests and tracking
by third-party servers.

Users are recommended to upgrade to version 2.0.1, which fixes the
issue.

Credit:

Reimar Fritz (reporter)

References:

https://answer.apache.org
https://www.cve.org/CVERecord?id=CVE-2026-34031
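
One way to constrain user-supplied avatar URLs, as an added Go example that is
not the project's fix: accept only https URLs, without credentials, on an
allowlisted host. The function name and host names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// allowedAvatarHosts is a hypothetical allowlist: the site's own upload host
// and one avatar provider. Adjust to the deployment.
var allowedAvatarHosts = map[string]bool{
	"answer.example":   true,
	"www.gravatar.com": true,
}

// ValidateAvatarURL accepts only absolute https URLs, without embedded
// credentials, whose host is on the allowlist.
func ValidateAvatarURL(raw string) error {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil {
		return fmt.Errorf("unparseable avatar URL: %w", err)
	}
	if u.Scheme != "https" {
		return errors.New("avatar URL must use https")
	}
	if u.User != nil {
		return errors.New("avatar URL must not carry credentials")
	}
	host := strings.ToLower(u.Hostname())
	if !allowedAvatarHosts[host] {
		return fmt.Errorf("avatar host %q is not allowed", host)
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	for _, s := range []string{
		"https://answer.example/uploads/avatar/1.png",
		"https://tracker.invalid/pixel.gif?u=42",
		"http://www.gravatar.com/avatar/abc",
		"https://answer.example@tracker.invalid/a.png",
		"//tracker.invalid/a.png",
	} {
		fmt.Printf("%-50s -> %v\n", s, ValidateAvatarURL(s))
	}
}
```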
_____________________________________________________________________

CVE-2026-34905: Apache Answer: Unlisted Questions Accessible via
Direct API Access

Severity: moderate 

Affected versions:

- Apache Answer through 2.0.0

Description:

Exposure of Sensitive Information to an Unauthorized Actor
vulnerability in Apache Answer.

This issue affects Apache Answer: through 2.0.0.

The unlisted question feature did not enforce access restrictions
on direct API endpoints, allowing authenticated users to discover
and access unlisted questions, their answers, comments, and
revision history.

Users are recommended to upgrade to version 2.0.1, which fixes
the issue.

Credit:

Hamed Kohi (reporter)

References:

https://answer.apache.org
https://www.cve.org/CVERecord?id=CVE-2026-34905
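
The access check described here and under CVE-2026-25699, as an added Go
example (not Apache Answer's code): an endpoint that serves revision history
loads the parent post and applies the same visibility rule before answering.
The types, status names and the policy in CanView are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Status, Viewer, Post and Store are hypothetical types for this example.
type (
	Status int
	Viewer struct{ ID string; Moderator bool }
	Post   struct{ OwnerID string; Status Status }
	Store  struct{ Posts map[string]Post; Revisions map[string][]string }
)

const (
	Published Status = iota
	Unlisted
	Pending
	Private
	Deleted
)

var ErrNotFound = errors.New("not found")

// CanView is the single visibility rule. Assumed policy: anything that is not
// published is visible only to its owner and to moderators.
func CanView(v Viewer, p Post) bool {
	return p.Status == Published || v.Moderator || (v.ID != "" && v.ID == p.OwnerID)
}

// Timeline serves a child resource, so it loads the parent and applies CanView
// first. Missing and hidden posts return the same error.
func (s Store) Timeline(v Viewer, postID string) ([]string, error) {
	if p, ok := s.Posts[postID]; ok && CanView(v, p) {
		return s.Revisions[postID], nil
	}
	return nil, ErrNotFound
}

func main() {
	s := Store{ // constructed sample data
		Posts:     map[string]Post{"q2": {"alice", Unlisted}},
		Revisions: map[string][]string{"q2": {"rev1", "rev2"}},
	}
	_, err := s.Timeline(Viewer{ID: "bob"}, "q2")
	fmt.Println("bob requests q2 timeline:", err)
}
```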

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




