PT-2026-29308 · Discourse · Discourse

Davidtaylorhq · Published 2026-03-31 · Updated 2026-04-07 · CVE-2026-32615

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0 through 2026.2.9

Description

Discourse, an open-source discussion platform, had a flaw where category group moderators could execute privileged actions on topics within private categories they were not authorized to view. This allowed unauthorized actions within restricted areas of the platform.

Recommendations

Update to Discourse version 2026.1.3 or later. Update to Discourse version 2026.2.2 or later. Update to Discourse version 2026.3.0 or later.

Exploit

Fix

Weakness Enumeration

Improper Authorization

Related Identifiers

BIT-DISCOURSE-2026-32615
CVE-2026-32615
GHSA-PR9M-5HPQ-WC57

Affected Products

Discourse