PT-2026-22176 · Discourse · Discourse

Davidtaylorhq · Published 2026-02-26 · Updated 2026-03-03 · CVE-2026-26979

CVSS v3.1: 2.7 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Discourse versions prior to 2025.12.2
Discourse versions prior to 2026.1.1
Discourse versions prior to 2026.2.0

Description

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, Trust Level 4 (TL4) users were able to perform actions such as closing, archiving, and pinning topics within private categories to which they did not have explicit access.

Recommendations

Update Discourse to version 2025.12.2 or later.
Update Discourse to version 2026.1.1 or later.
Update Discourse to version 2026.2.0 or later.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2026-26979
CVE-2026-26979
GHSA-9C7P-FQC5-C24F

Affected Products

Discourse