CVE-2026-25700
Published: 10 June 2026
Summary
CVE-2026-25700 is a high-severity Improper Restriction of Security Token Assignment (CWE-1259) vulnerability in Apache Answer. Its CVSS base score is 7.2 (High).
Operationally, it ranks at the 27.3rd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-36059
Vulnerability details
Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to administrative APIs until the token expired. Users are recommended to upgrade to version 2.0.1, which fixes the issue.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.