PT-2026-26703 · Discourse · Discourse
Published
2026-03-20
·
Updated
2026-03-20
·
CVE-2026-33251
CVSS v3.1
5.4
Medium
| AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure only trusted users are part of the Site Setting for accept all solutions allowed groups.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Discourse