PT-2026-26434 · Discourse · Discourse

Davidtaylorhq

Published

2026-03-19

Updated

2026-03-27

CVE-2026-33408

CVSS v3.1

2.7

Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2

Description Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators could view the initial 40 characters of post edits within private messages and private categories.

Recommendations Update Discourse to version 2026.3.0-latest.1 or later. Update Discourse to version 2026.2.1 or later. Update Discourse to version 2026.1.2 or later.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

BIT-DISCOURSE-2026-33408

CVE-2026-33408

GHSA-WF9R-386H-G29C

Affected Products

Discourse

PT-2026-26434 · Discourse · Discourse

CVE-2026-33408

Weakness Enumeration

Related Identifiers

Affected Products

References · 9