PT-2026-5185 · Discourse · Discourse

Published 2026-01-28 · Updated 2026-02-02 · CVE-2025-68662

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Discourse versions prior to 3.5.4
Discourse versions prior to 2025.11.2
Discourse versions prior to 2025.12.1
Discourse versions prior to 2026.1.0

Description

Discourse is an open source discussion platform. A hostname validation issue in the FinalDestination component could allow bypassing Server-Side Request Forgery (SSRF) protections under certain conditions.

Recommendations

Update Discourse to version 3.5.4 or later.
Update Discourse to version 2025.11.2 or later.
Update Discourse to version 2025.12.1 or later.
Update Discourse to version 2026.1.0 or later.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2025-68662
CVE-2025-68662
GHSA-GCFP-RJFC-925C

Affected Products

Discourse