CVE-2026-32619

CVSS v4.0

6.3

Medium

Vector

AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0 through 2026.3.0

Description Discourse, an open-source discussion platform, had an issue where users who no longer had access to a topic could still interact with polls within that topic, including voting and changing poll status. No content was exposed, but users could modify poll states in topics they should no longer have access to.

Recommendations Update to Discourse version 2026.1.3 or later. Update to Discourse version 2026.2.2 or later. Update to Discourse version 2026.3.0 or later.

Exploit

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

BIT-DISCOURSE-2026-32619

CVE-2026-32619

GHSA-WQ58-PVF6-W4P8

Affected Products

Discourse

CVE-2026-32619

Weakness Enumeration

Related Identifiers

Affected Products

References · 6