CVE-2026-32618

CVSS v3.1

4.3

Medium

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, there is possible channel membership inference from chat user search without authorization. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2026-32618

Affected Products

Discourse

CVE-2026-32618

Weakness Enumeration

Related Identifiers

Affected Products

References · 3