PT-2026-29314 · Discourse · Discourse
Davidtaylorhq
·
Publicado
2026-03-31
·
Atualizado
2026-04-07
·
CVE-2026-32951
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0
Description
A user with valid credentials can retrieve shared draft topic titles by submitting an inline onebox request with a
category id parameter that corresponds to the shared drafts category.Recommendations
Update to Discourse version 2026.1.3 or later.
Update to Discourse version 2026.2.2 or later.
Update to Discourse version 2026.3.0 or later.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Discourse