Discourse · Discourse · CVE-2026-32143
Name of the Vulnerable Software and Affected Versions
Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0 through 2026.3.0
Description
Discourse, an open-source discussion platform, allowed moderators to export CSV data for admin-restricted reports, circumventing intended report visibility restrictions. This could lead to the disclosure of sensitive operational data.
Recommendations
Update to Discourse version 2026.1.3 or later.
Update to Discourse version 2026.2.2 or later.
Update to Discourse version 2026.3.0 or later.