CVE-2026-25688NVD

Vulnerability Summary

Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer.

This issue affects Apache Answer: through 2.0.0.

AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed.
Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Severity Level

MEDIUM(6.1)

Published Date

Jun 9, 2026

Last Modified

Jun 10, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.17%Probability

Root Weakness (CWE)

CWE-87: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeChanged

ConfidentialityLow

IntegrityLow

AvailabilityNone

External References

https://lists.apache.org/thread/x42joj43rqb38ms5q60f7bgq3qbo7t5q
http://www.openwall.com/lists/oss-security/2026/06/09/7

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-25688NVD

Vulnerability Summary

External References