XSS in Discourse
CVE-2026-32243
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations c…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (14.2th percentile) — read the EPSS interpretation.
Affected products
- Discourse — versions >= 2026.1.0-latest, < 2026.1.3, >= 2026.2.0-latest, < 2026.2.2, >= 2026.3.0-latest, < 2026.3.0
Weakness classification (CWE)
References
- https://github.com/discourse/discourse/security/advisories/GHSA-pjc5-8x3w-rfwx (x_refsource_CONFIRM)
- https://github.com/discourse/discourse/commit/cac7d618a562ce934f8dbf73cdb70066a4806b4c (x_refsource_MISC)