CVE-2026-33251
MEDIUMCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2Description
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure only trusted users are part of the Site Setting for accept_all_solutions_allowed_groups.
Analysis
An authorization bypass vulnerability in Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows authenticated users to accept or unaccept solutions in hidden Solved topics without proper authorization checks. The vulnerability affects the open-source Discourse discussion platform and permits users with valid credentials to manipulate solution status across topics they should not have access to, resulting in information disclosure and integrity violations. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems running hidden Solved topics may allow unauthorized users to accept and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today