CVE-2026-34031 | THREATINT

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to unintended external requests and tracking by third-party servers. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

PUBLISHED Reserved 2026-03-25 | Published 2026-06-09 | Updated 2026-06-09 | Assigner apache

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status

unaffected

Any version

affected

Credits

Reimar Fritz reporter

References

www.openwall.com/lists/oss-security/2026/06/09/4

lists.apache.org/thread/rwtxy39t54to9kv3dqtbjsbdpyk4jkd2 vendor-advisory

cve.org (CVE-2026-34031)

nvd.nist.gov (CVE-2026-34031)

Download JSON