PT-2026-41764 · Discourse · Discourse

Davidtaylorhq

·

Published

2026-05-19

·

Updated

2026-06-01

·

CVE-2026-33514

CVSS v4.0

6.0

Medium

VectorAV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.1.4 Discourse versions prior to 2026.3.1 Discourse versions prior to 2026.4.1 Discourse versions prior to 2026.5.0-latest.1
Description An authenticated user on an instance with the form templates feature enabled can read the name and structured content of form templates intended for categories they are not authorized to access. This results in the disclosure of site configuration metadata.
Recommendations Update to version 2026.1.4 Update to version 2026.3.1 Update to version 2026.4.1 Update to version 2026.5.0-latest.1

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2026-33514
CVE-2026-33514
GHSA-W6G7-P2P9-2M5H

Affected Products

Discourse