PT-2026-30241 · Discourse · Discourse
Davidtaylorhq · Published 2026-04-03 · Updated 2026-04-08 · CVE-2026-27481
CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Discourse versions from 2026.1.0 up to, but not including, 2026.1.3
Discourse versions from 2026.2.0 up to, but not including, 2026.2.2
Discourse versions from 2026.3.0 up to, but not including, 2026.3.0
Description
Discourse, an open-source discussion platform, contains an authorization bypass issue. This allows unauthenticated or unauthorized users to view hidden (staff-only) tags and associated data. All Discourse instances with tagging enabled and staff-only tag groups configured are affected.
Recommendations
Upgrade to Discourse version 2026.1.3 or later.
Upgrade to Discourse version 2026.2.2 or later.
Upgrade to Discourse version 2026.3.0 or later.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Discourse