CVE-2026-32951

CVSS v3.1

4.3

Medium

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a category id parameter matching the shared drafts category. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2026-32951

Affected Products

Discourse

CVE-2026-32951

Weakness Enumeration

Related Identifiers

Affected Products

References · 3