CVE-2026-30888

CVSS v3.1

5.5

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2

Description Discourse is an open-source discussion platform. Moderators could edit site policy documents – Terms of Service, guidelines, and privacy policy – despite being explicitly prohibited from doing so.

Recommendations Update to Discourse version 2026.3.0-latest.1 or later. Update to Discourse version 2026.2.1 or later. Update to Discourse version 2026.1.2 or later.

Exploit

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BIT-DISCOURSE-2026-30888

CVE-2026-30888

GHSA-JJ9P-P7M6-JQ96

Affected Products

Discourse

CVE-2026-30888

Weakness Enumeration

Related Identifiers

Affected Products

References · 7