PT-2026-56893 · Discourse · Discourse

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-55420

CVSS v3.1

7.5

High

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55420

Affected Products

Discourse