What is the CVSS score of CVE-2026-33408?

CVE-2026-33408 has a CVSS 3.1 base score of 2.2 (Low). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Discourse are affected by CVE-2026-33408?

CVE-2026-33408 is a low-severity vulnerability in PMs and private categories. involving missing authorization (CVSS 2.2).

How to fix or mitigate CVE-2026-33408?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Discourse CVE-2026-33408

LOW

Missing Authorization (CWE-862)

2026-03-19 GitHub_M

Authentication Bypass Discourse

2.2

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

2.2 LOW

AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 19, 2026 - 23:00 vuln.today

CVE Published

Mar 19, 2026 - 22:35 nvd

LOW 2.2

DescriptionGitHub Advisory

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private categories. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

AnalysisAI

Discourse is an open-source discussion platform.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	CVSS score of 2.2 (LOW). Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Remediation	Monitor vendor advisories for patches. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

During next maintenance window: Apply vendor patches when convenient. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-44786 HIGH This Week

7.5 Jun 12

Information disclosure in Discourse discussion platform allows any MessageBus subscriber to receive real-time chat messa

CVE-2026-45775 MEDIUM This Month

6.8 Jun 12

Path traversal in Discourse's backup download handler allows an authenticated administrator on one site within a multisi

CVE-2026-44784 MEDIUM This Month

6.5 Jun 12

Discourse group owners can retrieve plaintext SMTP credentials - including passwords, usernames, server, port, and SSL m

CVE-2026-44783 MEDIUM This Month

5.4 Jun 12

Whisper channel access control in Discourse can be bypassed by any authenticated forum user, allowing injection of conte

CVE-2026-45085 MEDIUM This Month

5.3 Jun 12

Discourse chat plugin across versions 2026.1.0-2026.4.x contains four authorization deficiencies (CWE-862) enabling both

CVE-2026-33408 vulnerability details – vuln.today

Back

Discourse CVE-2026-33408

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code