Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to unintended external requests and tracking by third-party servers. Users are recommended to upgrade to version 2.0.1, which fixes the issue.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34031.json",
"cwe_ids": [
"CWE-434"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"last_affected": "2.0.0"
}
],
"source": "AFFECTED_FIELD"
},
{
"extracted_events": [
{
"fixed": "2.0.0"
}
],
"source": "DESCRIPTION"
}
],
"cna_assigner": "apache"
}