PT-2026-41764 · Discourse · Discourse
Davidtaylorhq
·
Published
2026-05-19
·
Updated
2026-06-01
·
CVE-2026-33514
CVSS v4.0
6.0
Medium
| Vector | AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 2026.1.4
Discourse versions prior to 2026.3.1
Discourse versions prior to 2026.4.1
Discourse versions prior to 2026.5.0-latest.1
Description
An authenticated user on an instance with the form templates feature enabled can read the name and structured content of form templates intended for categories they are not authorized to access. This results in the disclosure of site configuration metadata.
Recommendations
Update to version 2026.1.4
Update to version 2026.3.1
Update to version 2026.4.1
Update to version 2026.5.0-latest.1
Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Discourse