What is CVE-2026-30888?

CVE-2026-30888 is a low-severity vulnerability in Discourse, classified under Improper Privilege Management. CVSS score: 2.2/10. Published 2026-03-20.

How severe is CVE-2026-30888?

Low severity. CVSS v3 base score is 2.2 out of 10.

Privilege escalation in Discourse

CVE-2026-30888

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents (ToS, guidelines, privacy policy) that they are explicitly prohibited from modifyi…

Vulnerability class: Privilege Escalation

EPSS: 0.000 (3.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.2 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N.

Affected products

Discourse — versions < 2026.3.0-latest.1, >= 2026.2.0-latest, < 2026.2.1, >= 2026.1.0-latest, < 2026.1.2

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

https://github.com/discourse/discourse/security/advisories/GHSA-jj9p-p7m6-jq96 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-30888?: CVE-2026-30888 is a low-severity vulnerability in Discourse, classified under Improper Privilege Management. CVSS score: 2.2/10. Published 2026-03-20.
How severe is CVE-2026-30888?: Low severity. CVSS v3 base score is 2.2 out of 10.