CVE-2026-25699 Apache Answer: Authorization Bypass in Timeline API

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the ORDER BY parameter supplied to the getTimelineResults function via the Contact Activity timeline API endpoint. Remediation Upgrade mautic/core-lib to version 5.2.10, 6.0.8, 7.0.1 or higher. References - GitHub Commi...