PT-2026-26542 · Discourse · Discourse
Jomaxro
·
Published
2026-03-20
·
Updated
2026-03-27
·
CVE-2026-31805
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 2026.3.0-latest.1
Discourse versions prior to 2026.2.1
Discourse versions prior to 2026.1.2
Description
Discourse is an open-source discussion platform. An authorization bypass in the poll plugin allowed authenticated users to perform actions on polls they were not authorized to access, including voting, removing votes, and changing a poll's open/closed status. The issue occurred because the authorization check and the poll lookup resolved the request differently when the post_id parameter was passed as an array (e.g., post_id[]=&post_id[]=) instead of a single value: the check could be satisfied against one post while the action was applied to another. This affected the following API endpoints within DiscoursePoll::PollsController: /vote, /remove_vote, and /toggle_status. The vulnerable parameter is post_id.
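The following Ruby script is an added illustrative model of the failure mode described above; it is not Discourse's own code and does not reproduce the plugin's actual controller. It assumes a hypothetical vote handler whose guard resolves post_id the way ActiveRecord's find_by(id: ids) would (first match only) while the poll lookup resolves it the way where(post_id: ids) would (every match), and it uses constructed fixtures (two posts, one restricted) and a hand-rolled query-string parser so it runs offline. Only the vote action is modelled; remove_vote and toggle_status follow the same pattern.

```ruby
# Illustrative model (not Discourse's own code) of the failure mode in the
# advisory: the authorization check and the poll lookup resolve post_id
# differently once it arrives as an array, so the check passes on one post
# while the action runs on another.

# Constructed fixtures: post 2 is restricted, post 1 is readable by everyone.
def fresh_db
  {
    posts: {
      1 => { id: 1, restricted: false },
      2 => { id: 2, restricted: true },
    },
    # one poll per post; votes maps user id -> chosen option
    polls: {
      1 => { post_id: 1, votes: {} },
      2 => { post_id: 2, votes: {} },
    },
  }
end

# Minimal Rack-style query parser: "post_id[]=1&post_id[]=2" becomes
# {"post_id" => ["1", "2"]} while "post_id=1" becomes {"post_id" => "1"}.
def parse_query(query)
  query.split("&").each_with_object({}) do |pair, params|
    key, value = pair.split("=", 2)
    value = value.to_s
    if key.end_with?("[]")
      (params[key.delete_suffix("[]")] ||= []) << value
    else
      params[key] = value
    end
  end
end

def can_see?(user, post)
  !post[:restricted] || user[:staff]
end

# Vulnerable shape (hypothetical): the guard looks only at the FIRST post the
# ids resolve to, while the poll lookup collects EVERY matching poll. With
# post_id[]=1&post_id[]=2 the guard inspects post 1 (public) and the vote is
# written to the polls of posts 1 AND 2 (restricted).
def vote_vulnerable(db, params, user, option)
  ids = Array(params["post_id"]).map(&:to_i)
  guard_post = ids.map { |id| db[:posts][id] }.compact.first
  return :forbidden unless guard_post && can_see?(user, guard_post)

  target_polls = ids.filter_map { |id| db[:polls][id] }
  target_polls.each { |poll| poll[:votes][user[:id]] = option }
  target_polls.map { |poll| poll[:post_id] }
end

# Hardened shape: accept only a scalar numeric post_id, resolve it to one
# record, and run both the authorization check and the action against that
# same record.
def vote_fixed(db, params, user, option)
  raw = params["post_id"]
  return :rejected unless raw.is_a?(String) && raw.match?(/\A\d+\z/)

  post = db[:posts][Integer(raw, 10)]
  return :forbidden unless post && can_see?(user, post)

  poll = db[:polls][post[:id]]
  return :forbidden unless poll

  poll[:votes][user[:id]] = option
  [poll[:post_id]]
end

# Runs one request against fresh fixtures as a non-staff user and reports which
# posts' polls received the vote (or why the request was stopped).
def run_scenario(query, handler)
  db = fresh_db
  user = { id: 42, staff: false }
  send(handler, db, parse_query(query), user, "A")
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable, array:  #{run_scenario('post_id[]=1&post_id[]=2', :vote_vulnerable).inspect}"
  puts "vulnerable, scalar: #{run_scenario('post_id=2', :vote_vulnerable).inspect}"
  puts "fixed, array:       #{run_scenario('post_id[]=1&post_id[]=2', :vote_fixed).inspect}"
  puts "fixed, scalar:      #{run_scenario('post_id=1', :vote_fixed).inspect}"
end
```

The point of the hardened handler is not the regex but the single resolution: whatever object the guard authorizes is the object the action mutates, so an attacker cannot pass one value that satisfies the check and another that selects the target. Rejecting non-scalar input is a defence in depth on top of that.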
Recommendations
Update Discourse to version 2026.3.0-latest.1 or later.
Update Discourse to version 2026.2.1 or later.
Update Discourse to version 2026.1.2 or later.
Exploit
Fix
RCE
Incorrect Authorization
Related identifiers
Affected products
Discourse