Vulnerability in Discourse

CVE-2026-27934

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unaut…

EPSS: 0.001 (19.7th percentile) — read the EPSS interpretation.

Affected products

Discourse — versions >= 2026.1.0-latest, < 2026.1.2, >= 2026.2.0-latest, < 2026.2.1, = 2026.3.0-latest

Weakness classification (CWE)

CWE-201 — Insertion of Sensitive Information into Sent Data

References

https://github.com/discourse/discourse/security/advisories/GHSA-824f-66wh-xx3g (x_refsource_CONFIRM)