CVE-2026-27934

| EUVD-2026-13196 HIGH
2026-03-19 GitHub_M
8.7
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Mar 19, 2026 - 22:00 vuln.today
EUVD ID Assigned
Mar 19, 2026 - 22:00 euvd
EUVD-2026-13196
CVE Published
Mar 19, 2026 - 21:17 nvd
HIGH 8.7

Tags

Information Disclosure

Description

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unauthorized users, leading to information disclosure. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

Analysis

Unauthorized information disclosure in Discourse discussion platform versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows unauthenticated attackers to view restricted post titles and excerpts through inadequate permission validation on user action API endpoints. The vulnerability affects all deployments running vulnerable versions, with no available workarounds until patching to the fixed releases.

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all Discourse instances and document current versions; assess whether affected versions are deployed in production and what data sensitivity exists in your instances. Within 7 days: Contact Discourse support for patch availability confirmation; implement network-level access controls to restrict API endpoint access if running affected versions. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

44
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +44
POC: 0

Share

CVE-2026-27934 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy