PT-2026-29311 · Discourse · Discourse
Davidtaylorhq · Published 2026-03-31 · Updated 2026-04-07
CVE-2026-32620
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Discourse versions 2026.1.0 through 2026.1.2
Discourse versions 2026.2.0 through 2026.2.1
Discourse versions 2026.3.0 through 2026.2.9
Description
Discourse, an open-source discussion platform, had a flaw where non-staff users could view read receipt information for staff-only posts. The issue did not expose post content, but revealed metadata about who read the post and when.
Recommendations
Upgrade to Discourse version 2026.1.3 or later.
Upgrade to Discourse version 2026.2.2 or later.
Upgrade to Discourse version 2026.3.0 or later.
Exploit
Fix
Information Disclosure
Affected Products
Discourse