A vulnerability, which was classified as critical , was found in Apache Answer up to 2.0.0 . This affects an unknown part of the component Custom Avatar Handler . Executing a manipulation can lead to unrestricted upload. This vulnerability appears as CVE-2026-34031 . The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.