Information disclosure in Discourse

CVE-2026-45780

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were n…

Vulnerability class: Information Disclosure

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

  • Discourse — versions >= 2026.1.0-latest, < 2026.1.5, >= 2026.4.0-latest, < 2026.4.2, >= 2026.5.0-latest, < 2026.5.1

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-45780?
CVE-2026-45780 is a medium-severity vulnerability in Discourse, classified under Information Disclosure. CVSS score: 5.3/10. Published 2026-07-09.
How severe is CVE-2026-45780?
Medium severity. CVSS v3 base score is 5.3 out of 10.