PT-2026-26370 · Discourse · Discourse
Davidtaylorhq
·
Published
2026-03-19
·
Updated
2026-03-27
·
CVE-2026-27934
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 2026.3.0-latest.1
Discourse versions prior to 2026.2.1
Discourse versions prior to 2026.1.2
Description
Discourse, an open-source discussion platform, is affected by an information disclosure issue. A lack of visibility checks within a user action API endpoint allows unauthorized users to access the title and post excerpt. The affected API endpoint is a user action endpoint. No information is available regarding the number of potentially affected devices or real-world exploitation of this issue.
Recommendations
Update Discourse to version 2026.3.0-latest.1 or later.
Update Discourse to version 2026.2.1 or later.
Update Discourse to version 2026.1.2 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Discourse