EUVD-2026-36557Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Network-accessible feature requires only a valid user session (PR:L); limited confidentiality impact reading one hidden post; no integrity or availability consequence.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks can_see? on the post being explained, not its reply_to_post, so any authenticated user with access to the AI helper could read the raw contents of a hidden parent post by invoking "Explain" on a reply to it. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
AnalysisAI
Discourse's AI 'explain' helper exposes raw content of hidden posts to any authenticated user with access to the feature, due to an incomplete authorization check on parent posts. Affected instances span three release tracks - 2026.1.x, 2026.3.x, and 2026.4.x - and any user who can invoke the AI helper and find a visible reply to a hidden post can silently read the hidden post's raw text. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid authenticated Discourse session with access to the AI 'explain' helper feature (PR:L per CVSS). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 4.3 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N correctly characterizes this as a low-privilege, network-exploitable flaw with limited confidentiality impact - no integrity or availability consequences exist. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated forum member navigates to any thread where a visible reply exists to a hidden or staff-only parent post. The attacker invokes the AI 'explain' feature on the visible reply, causing the AI backend to fetch and process the hidden parent post without a visibility check, returning its raw contents in the explanation response. … |
| Remediation | Upgrade to one of the vendor-released patches: 2026.1.4 (for 2026.1.x installations), 2026.3.1 (for 2026.3.x), 2026.4.1 (for 2026.4.x), or 2026.5.0-latest.1 for rolling-latest deployments, as confirmed by GitHub Security Advisory GHSA-7h76-fwxc-j586 at https://github.com/discourse/discourse/security/advisories/GHSA-7h76-fwxc-j586. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Information disclosure in Discourse discussion platform allows any MessageBus subscriber to receive real-time chat messa
Path traversal in Discourse's backup download handler allows an authenticated administrator on one site within a multisi
Discourse group owners can retrieve plaintext SMTP credentials - including passwords, usernames, server, port, and SSL m
Whisper channel access control in Discourse can be bypassed by any authenticated forum user, allowing injection of conte
Discourse chat plugin across versions 2026.1.0-2026.4.x contains four authorization deficiencies (CWE-862) enabling both
Share
External POC / Exploit Code
Leaving vuln.today