
Discourse

113 CVEs


CVE-2026-47264 MEDIUM PATCH This Month

Tag group name disclosure in Discourse exposes restricted organizational metadata to anonymous and unprivileged users via a serializer that omits visibility filtering. Affected release lines are 2026.1.x (before 2026.1.4), 2026.3.x (before 2026.3.1), and 2026.4.x (before 2026.4.1), with the root cause being that DetailedTagSerializer#tag_group_names returned all group memberships without consulting the requesting user's permissions. An unauthenticated attacker can enumerate the names of tag groups restricted to specific user groups or non-visible categories, potentially leaking the internal structure of private forum spaces; no public exploit code has been identified at time of analysis and EPSS is 0.04% (11th percentile), indicating negligible observed exploitation activity.
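The serializer pattern described in this entry, as an added illustration (this is not Discourse's code): a tag serializer that returns every tag group name regardless of who is asking, beside the scoped variant that consults the requester's permissions. The class and field names (TagGroup, Requester, permitted_group_ids) and the sample tag groups are assumptions made for the example.

```ruby
# Added illustration, not Discourse's code: a minimal model of the
# DetailedTagSerializer#tag_group_names pattern described above, showing the
# unfiltered (vulnerable) and requester-scoped (fixed) variants side by side.
# TagGroup, Requester and their fields are assumed names for this example.

TagGroup = Struct.new(:name, :permitted_group_ids, keyword_init: true) do
  # An empty permission list means the tag group is public; otherwise only
  # staff or members of one of the listed user groups may see it.
  def visible_to?(requester)
    permitted_group_ids.empty? ||
      requester.staff? ||
      (permitted_group_ids & requester.group_ids).any?
  end
end

Requester = Struct.new(:group_ids, :staff, keyword_init: true) do
  def staff?
    staff
  end
end

ANONYMOUS = Requester.new(group_ids: [], staff: false)

# Vulnerable shape: serializes every membership regardless of who is asking,
# so an anonymous GET on the tag endpoint learns the restricted group names.
def tag_group_names_unfiltered(tag_groups, _requester)
  tag_groups.map(&:name)
end

# Fixed shape: the serializer consults the requesting user's permissions and
# drops tag groups that user cannot see.
def tag_group_names_scoped(tag_groups, requester)
  tag_groups.select { |g| g.visible_to?(requester) }.map(&:name)
end

# Constructed sample data: one public tag group and two restricted ones
# (permitted group ids 41 and 7 are arbitrary).
SAMPLE_TAG_GROUPS = [
  TagGroup.new(name: "general", permitted_group_ids: []),
  TagGroup.new(name: "legal-internal", permitted_group_ids: [41]),
  TagGroup.new(name: "exec-only", permitted_group_ids: [7]),
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "anonymous, unfiltered: #{tag_group_names_unfiltered(SAMPLE_TAG_GROUPS, ANONYMOUS).inspect}"
  puts "anonymous, scoped:     #{tag_group_names_scoped(SAMPLE_TAG_GROUPS, ANONYMOUS).inspect}"
end
```

The check worth carrying into a review of any serializer is that the filter runs on the requester's permissions at serialization time, not on whether the parent object happened to be visible; the unfiltered variant above is reachable precisely because the tag itself is public.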

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-47263 MEDIUM PATCH This Month

Unauthorized access to webhook event data in Discourse exposes internal webhook payloads to any authenticated user, and to unauthenticated users on instances where login_required is disabled, in versions from 2026.1.0 up to the pre-fix heads of the affected release branches. The flaw resides in the MessageBus channel /web_hook_events/<id>: the Jobs::RedeliverWebHookEvents job publishes to it without group_id restrictions, so any client can subscribe. Because webhook IDs are sequential integers, a low-privilege or anonymous actor can iterate over webhook event history without authorization. No public exploit code exists and EPSS is 0.03% (9th percentile), indicating no observed widespread exploitation at time of analysis.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-45775 MEDIUM PATCH This Month

Path traversal in Discourse's backup download handler allows an authenticated administrator on one site within a multisite deployment to retrieve backup archives belonging to a co-hosted site on the same server. Backup files typically contain full database dumps, private messages, user credentials, and email addresses, making cross-site access a serious trust-boundary violation. No public exploit has been identified and EPSS sits at 0.04% (12th percentile), reflecting the narrow exploitation conditions; vendor-released patches are available across all affected release trains.
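The trust boundary this entry describes, as an added example (not Discourse's own handler): a multisite backup download that joins the caller-supplied filename straight onto the site directory, beside a hardened version that allow-lists the filename and then independently checks that the resolved path stays under that site's directory. BACKUP_ROOT, the directory layout and the method names are assumptions for the illustration.

```ruby
# Added example, not Discourse's code. Models the trust boundary the backup
# download handler must enforce in a multisite deployment: each site's
# archives live under their own directory, and a filename supplied by an
# administrator of one site must never resolve into another site's directory.
# BACKUP_ROOT, the directory layout and the method names are assumed.

BACKUP_ROOT = "/var/discourse/backups".freeze

class BackupPathError < StandardError; end

# Vulnerable shape: concatenates the caller-supplied filename with no
# validation, so "../site-b/site-b-2026-04-01.tar.gz" walks into a co-hosted
# site's directory when the resulting path is opened.
def backup_path_unchecked(site, filename)
  File.join(BACKUP_ROOT, site, filename)
end

# Hardened shape: allow-list the filename, then independently confirm that the
# fully resolved path is still inside this site's own backup directory.
def backup_path_checked(site, filename)
  raise BackupPathError, "bad site name" unless site.match?(/\A[a-z0-9_-]+\z/)
  # No separators, no "%", no "~", and no leading dot (which also rules out "." and "..").
  unless filename.match?(/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\z/)
    raise BackupPathError, "bad filename"
  end

  site_dir  = File.join(BACKUP_ROOT, site)
  candidate = File.expand_path(filename, site_dir)
  unless candidate.start_with?(site_dir + File::SEPARATOR)
    raise BackupPathError, "path escapes #{site_dir}"
  end
  candidate
end

# Boolean form of the check, convenient for tests and for a controller guard.
def safe_backup_path?(site, filename)
  backup_path_checked(site, filename)
  true
rescue BackupPathError
  false
end

if __FILE__ == $PROGRAM_NAME
  puts backup_path_unchecked("site-a", "../site-b/site-b-2026-04-01.tar.gz")
  puts backup_path_checked("site-a", "site-a-2026-04-01.tar.gz")
  puts safe_backup_path?("site-a", "../site-b/site-b-2026-04-01.tar.gz")
end
```

Two independent checks are deliberate: the allow-list rejects anything that is not a plain archive name, and the prefix test on the expanded path catches whatever a future relaxation of the allow-list might let through.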

Path Traversal Discourse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-45085 MEDIUM PATCH This Month

Discourse chat plugin across versions 2026.1.0-2026.4.x contains four authorization deficiencies (CWE-862) enabling both information disclosure and unauthorized write actions: calendar event API payloads expose the associated chat channel's last message - potentially a private DM - to unauthenticated users, while separate flaws allow read-only users to create chat threads, authors to restore their own deleted messages after losing channel access, and moderators reviewing flagged messages to inadvertently view unrelated DM content. Vendor-released patches exist for all supported branches; no public exploit identified at time of analysis and EPSS is 0.04% (11th percentile), but the unauthenticated DM disclosure warrants prompt patching on public-facing instances.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44785 MEDIUM PATCH This Month

Discourse's AI 'explain' helper exposes raw content of hidden posts to any authenticated user with access to the feature, due to an incomplete authorization check on parent posts. Affected instances span three release tracks - 2026.1.x, 2026.3.x, and 2026.4.x - and any user who can invoke the AI helper and find a visible reply to a hidden post can silently read the hidden post's raw text. No public exploit code has been identified and EPSS places exploitation probability at 0.03% (9th percentile), indicating this is a low-urgency but genuine confidentiality bypass for deployments where hidden post content is sensitive.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44784 MEDIUM PATCH This Month

Discourse group owners can retrieve plaintext SMTP credentials - including password, username, server, port, and SSL mode - from the group history log endpoint (/groups/:name/logs.json). Affected are 2026.1.x before 2026.1.4, 2026.3.x before 2026.3.1, and 2026.4.x before 2026.4.1. An authenticated group owner with no admin or moderator privileges can harvest the exposed SMTP password and use it to send mail as the group's email identity from any external mail client, bypassing Discourse's own sending controls entirely. No public exploit code exists and the vulnerability is not listed in CISA KEV; the EPSS score of 0.03% (11th percentile) reflects the narrow, configuration-dependent attack surface.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44783 MEDIUM PATCH This Month

Whisper access control in Discourse can be bypassed by any authenticated forum user, allowing injection of content into staff-only whisper threads visible to moderators and staff. Affected are 2026.1.x before 2026.1.4, 2026.3.x before 2026.3.1, and 2026.4.x before 2026.4.1, with fixes confirmed by the vendor in the GitHub Security Advisory. An attacker holding only a standard forum account can abuse the reply mechanism to post messages that surface inside privileged staff whisper channels, potentially poisoning internal moderation communications or probing staff responses for sensitive operational detail. No public exploit is identified at time of analysis, and EPSS places exploitation probability at the 9th percentile.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-44782 MEDIUM PATCH This Month

Discourse's GroupPostSerializer leaks user real names to authenticated users even when site administrators have explicitly disabled name display via the enable_names site setting. Affected versions span the 2026.1.x, 2026.3.x, and 2026.4.x release lines. An authenticated user querying group post endpoints receives real name data that the platform operator intended to suppress, undermining privacy configurations on Discourse instances that host pseudonymous or anonymous communities. No public exploit code exists and no active exploitation has been identified; the EPSS score of 0.03% (9th percentile) reflects low exploitation probability.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44780 MEDIUM PATCH This Month

Discourse's ReviewableQueuedPostSerializer unconditionally exposes full inbound email source - including SMTP headers, sender trace, mail user agent, and body - to category moderation group members accessing the review queue, bypassing the view_raw_email_allowed_groups trust boundary that restricts the dedicated raw-email endpoint. Affected versions span the 2026.1.x, 2026.3.x, and 2026.4.x series on deployments using Discourse's incoming email feature. No public exploit has been identified and EPSS stands at 0.03% (9th percentile), indicating low automated exploitation probability, though the exposed data - including sender IP addresses and routing headers - presents meaningful privacy and de-anonymization risk to users who submitted posts via email.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44779 MEDIUM PATCH This Month

Discourse platform versions across three active release tracks expose whisper translation audit logs through bot debug endpoints to any authenticated low-privilege user. The vulnerability (CWE-200) exists across release lines 2026.1.x, 2026.3.x, and 2026.4.x, and has been patched by the vendor across all affected tracks. No public exploit exists and EPSS sits at the 9th percentile (0.03%), indicating this is a low-probability exploitation target; however, the exposure of internal moderation audit logs may pose compliance and confidentiality risks on community platforms handling sensitive staff communications.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44786 HIGH PATCH This Week

Information disclosure in Discourse allows any MessageBus subscriber to receive real-time chat message payloads from public category channels without proper permission scoping, even when chat is not enabled for that user. The flaw affects versions 2026.1.0 through 2026.1.3, 2026.3.0, and 2026.4.0, and is fixed in 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1. No public exploit has been identified at time of analysis, but because the channel can be subscribed to over the network without authentication, this is a meaningful confidentiality concern for forums using chat.
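Both this entry and CVE-2026-47263 above come down to the same MessageBus property: MessageBus.publish(channel, data, group_ids:, user_ids:) restricts delivery only when those keys are supplied, so a publish that omits them reaches every subscriber of the channel. The following added example (not Discourse's or the message_bus gem's code) models that with a tiny in-memory bus and replays the webhook redelivery scenario, once unscoped and once restricted to a staff group. Subscriber ids, the admin group id (1) and the payload are assumed values.

```ruby
# Added example, not Discourse's or the message_bus gem's code. A minimal
# in-memory model of the MessageBus pattern behind the /web_hook_events/<id>
# and chat channel findings above: MessageBus.publish(channel, data,
# group_ids:, user_ids:) restricts delivery only when those keys are given, so
# a publish that omits them is readable by every subscriber of the channel.
# Subscriber ids, the admin group id (1) and the payload are assumed values.

Subscriber = Struct.new(:id, :group_ids, :channels, keyword_init: true)

class ScopedBus
  def initialize
    @subscribers = []
    @delivered = Hash.new { |h, k| h[k] = [] }
  end

  def subscribe(subscriber)
    @subscribers << subscriber
  end

  # With neither group_ids nor user_ids the message is public to the channel.
  def publish(channel, payload, group_ids: nil, user_ids: nil)
    @subscribers.each do |s|
      next unless s.channels.include?(channel)
      next unless allowed?(s, group_ids, user_ids)
      @delivered[s.id] << [channel, payload]
    end
  end

  def delivered_to(subscriber_id)
    @delivered[subscriber_id]
  end

  private

  def allowed?(subscriber, group_ids, user_ids)
    return true if group_ids.nil? && user_ids.nil?
    return true if user_ids && user_ids.include?(subscriber.id)
    return true if group_ids && (group_ids & subscriber.group_ids).any?
    false
  end
end

# Scenario: webhook event 42 is redelivered. The admin is in group 1; an
# anonymous client has guessed the sequential channel name and subscribed.
# Returns how many payloads each party received.
def redeliver_scenario(restrict:)
  bus   = ScopedBus.new
  admin = Subscriber.new(id: 1,  group_ids: [1, 10], channels: ["/web_hook_events/42"])
  anon  = Subscriber.new(id: -1, group_ids: [],      channels: ["/web_hook_events/42"])
  bus.subscribe(admin)
  bus.subscribe(anon)

  payload = { event_id: 42, status: 200, response_body: "ok" } # constructed
  if restrict
    bus.publish("/web_hook_events/42", payload, group_ids: [1]) # fixed: staff only
  else
    bus.publish("/web_hook_events/42", payload)                 # vulnerable: unscoped
  end
  { admin: bus.delivered_to(1).size, anon: bus.delivered_to(-1).size }
end

if __FILE__ == $PROGRAM_NAME
  puts "unscoped publish: #{redeliver_scenario(restrict: false)}"
  puts "group-scoped publish: #{redeliver_scenario(restrict: true)}"
end
```

When auditing a code base for this class of bug, grep for publish calls on channels whose names embed an id and confirm each one passes group_ids or user_ids; a channel name is not a secret when the ids are sequential.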

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34154 LOW PATCH Monitor

Payment bypass in the discourse-subscriptions plugin allows unauthenticated users to gain membership in subscription-gated groups without completing a financial transaction. Affected are all Discourse installations running the subscriptions plugin prior to fixed versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 2.1 reflects high attack complexity, required user interaction, and limited confidentiality impact confined to the vulnerable system.

Authentication Bypass Discourse
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-33514 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively for categories they are not authorized to access. Impact is limited to disclosure of site configuration metadata. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-32244 MEDIUM PATCH This Month

Discourse's AI summarization feature exposes removed or restricted content to anonymous and unprivileged users through stale cached summaries. Affected are all Discourse instances running versions prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 with AI summarization enabled. An unauthenticated attacker can read cached summaries that persist after the underlying content has been moderated or deleted, bypassing content removal controls. No public exploit code exists and no KEV listing has been issued at time of analysis.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34947 LOW PATCH Monitor

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-beta expose staged user custom fields and usernames on public invite pages without requiring email verification. An unauthenticated remote attacker can enumerate user information and custom field data by accessing public invitation links, potentially gathering sensitive user attributes before account activation. The vulnerability has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0, with no public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure Discourse
NVD GitHub
CVSS 4.0
2.7
EPSS
0.0%
CVE-2026-27481 MEDIUM PATCH This Month

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-pre allow unauthenticated users to enumerate and view hidden staff-only tags and associated metadata through an authorization bypass flaw. All instances with tagging enabled and staff-only tag groups configured are vulnerable. The issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0 final. No public exploit code or active exploitation has been confirmed at the time of analysis.

Information Disclosure Discourse
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-33415 MEDIUM PATCH This Month

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-beta allow authenticated moderators to bypass category permission controls and retrieve post content, topic titles, and usernames from categories they lack authorization to access via a sentiment analytics endpoint. Patches are available (2026.1.3, 2026.2.2, 2026.3.0); no public exploit code or active exploitation has been identified.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-33300 MEDIUM PATCH This Month

Discourse 2026.1.0 through 2026.3.0-beta allows authenticated moderators to bypass authorization controls in the Category Chatables Controller, disclosing sensitive information about hidden group names and user counts. The vulnerability affects multiple release branches and has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. With a CVSS score of 5.3 and low attack complexity, this represents a meaningful information disclosure risk requiring prompt patching.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33185 MEDIUM PATCH This Month

Server-side request forgery (SSRF) in Discourse group email settings test endpoint allows authenticated non-staff group owners to initiate outbound connections to arbitrary hosts and ports, enabling internal network reconnaissance. Affects Discourse 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-rc versions. Patched in 2026.1.3, 2026.2.2, and 2026.3.0. No public exploit code or active exploitation confirmed at time of analysis.
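An egress guard of the kind a "test SMTP settings" endpoint needs before opening a socket to a user-supplied host, as an added example (not Discourse's code): it allow-lists SMTP ports, resolves the host, and refuses if any resolved address is loopback, link-local, private, or otherwise internal, including IPv4-mapped IPv6 forms. The constant names, the port list and the injectable resolver are assumptions made so the check can be exercised offline.

```ruby
require "ipaddr"
require "resolv"

# Added example, not Discourse's code: an egress guard of the kind a group
# email "test settings" endpoint needs before it opens a socket to a
# user-supplied SMTP host. The constant names, the port allow-list and the
# injectable resolver are assumptions made for this illustration.

BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4
  ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

ALLOWED_SMTP_PORTS = [25, 465, 587, 2525].freeze

def blocked_address?(ip)
  # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so the IPv4 ranges apply to it too.
  ip = ip.native if ip.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.include?(ip) }
end

# Returns true only when the port is an SMTP port and every address the host
# resolves to is public. A resolver lambda is injected so the check can be
# exercised offline; production would use the default Resolv lookup.
def smtp_target_allowed?(host, port, resolver: ->(h) { Resolv.getaddresses(h) })
  return false unless ALLOWED_SMTP_PORTS.include?(Integer(port, exception: false))

  addresses =
    begin
      # Literal address (with or without IPv6 brackets): no DNS involved.
      [IPAddr.new(host.delete_prefix("[").delete_suffix("]"))]
    rescue IPAddr::InvalidAddressError
      resolver.call(host).map { |a| IPAddr.new(a) }
    end
  return false if addresses.empty?

  # An attacker who controls DNS can return one public and one internal record;
  # reject the host if *any* answer is internal.
  addresses.none? { |ip| blocked_address?(ip) }
end

if __FILE__ == $PROGRAM_NAME
  puts smtp_target_allowed?("127.0.0.1", 25)          # literal loopback
  puts smtp_target_allowed?("::ffff:192.168.1.10", 25) # mapped private range
  puts smtp_target_allowed?("203.0.113.25", 587)       # public test-net address
end
```

Two caveats a reviewer should raise alongside this check: the connection must be made to the address that was vetted (connect by IP and pass the hostname only for TLS SNI), or a second lookup can be rebound to an internal record; and the error or timing returned to the caller should not distinguish "refused" from "unreachable", since the test endpoint otherwise remains a port scanner even when it cannot reach internal hosts.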

SSRF Discourse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33074 MEDIUM PATCH This Month

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-pre allow authenticated users to escalate their subscription tier: purchasing a lower-cost plan yields benefits reserved for higher-tier subscriptions. The CVSS 4.0 base score of 6.3 reflects the integrity impact, with high attack complexity and minimal confidentiality impact. Vendor-released patches address the flaw in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Privilege Escalation Discourse
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-32951 MEDIUM PATCH This Month

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0 prior to patching allow authenticated users to disclose shared draft topic titles via specially crafted inline onebox requests that reference the shared drafts category. An attacker with valid Discourse credentials can enumerate and read draft titles not intended for their access, violating information confidentiality. The vulnerability has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0; EPSS and KEV data indicate no current active exploitation, though the fix is available and should be deployed promptly given the low barrier to exploitation.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-32620 MEDIUM PATCH This Month

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0 leak read receipt metadata (who read staff-only posts and when) to non-staff users who should not have access to that information. While no post content is exposed, the metadata disclosure violates intended access controls. Patches are available in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-32619 MEDIUM PATCH This Month

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-beta retain unauthorized poll interaction capabilities for users who have lost access to private topics, allowing them to vote on and toggle poll status despite removal from category group membership. While no topic content is exposed, the vulnerability permits state modification in topics to which access should have been revoked, violating the intended access control model. Patched versions 2026.1.3, 2026.2.2, and 2026.3.0 are available, and no public exploit code has been identified.

Authentication Bypass Discourse
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-32618 MEDIUM PATCH This Month

Discourse chat user search functionality discloses channel membership information to authenticated users without proper authorization checks, allowing users to infer private channel membership across versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-rc1, affecting community administrators and organizations relying on channel privacy. The vulnerability requires authenticated access but carries low confidentiality impact (CVSS 4.3); patches are available in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-32615 MEDIUM PATCH This Month

Category group moderators in Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-pre can perform privileged actions (such as topic moderation) on content within private categories to which they lack read access, bypassing intended access controls. This authenticated privilege escalation affects self-hosted and managed Discourse instances and has been resolved in versions 2026.1.3, 2026.2.2, and 2026.3.0+. No public exploit code or active exploitation has been reported at this time.

Authentication Bypass Discourse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-32607 LOW PATCH Monitor

Stored cross-site scripting (XSS) in the Discourse assignment UI allows authenticated users with assign permission to inject arbitrary HTML/JavaScript via user and group display names when the hidden prioritize_full_name_in_ux site setting is enabled, affecting versions 2026.1.0–2026.1.2, 2026.2.0–2026.2.1, and 2026.3.0. The injected payload executes in the browser of any user viewing an affected topic, enabling session hijacking, credential theft, or malware distribution. No active exploitation has been confirmed. The low CVSS 4.0 base score (2.1) reflects the preconditions rather than the impact of stored XSS itself: the vulnerable setting is hidden and requires console access to enable, and the attacker needs assign permission.

XSS Discourse
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-32273 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Discourse category description API endpoints allows authenticated users with category management privileges to inject malicious scripts that execute in the browsers of other users viewing the category. The vulnerability affects Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-pre-release due to missing input sanitization on category description updates. Vendor-released patches address this in versions 2026.1.3, 2026.2.2, and 2026.3.0; no public exploit code has been identified at time of analysis.

XSS Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-32243 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Discourse allows authenticated users with conversation creation privileges to inject arbitrary HTML and JavaScript via crafted AI conversation titles, executing malicious payloads in the browsers of users viewing onebox previews and potentially enabling session hijacking or unauthorized actions. Affects Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-beta; patched versions 2026.1.3, 2026.2.2, and 2026.3.0 are available. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS Discourse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-32143 MEDIUM PATCH This Month

Discourse moderators can export CSV data from admin-restricted reports in versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-beta, circumventing role-based access controls and exposing sensitive operational data intended exclusively for administrators. The vulnerability requires authenticated moderator access but carries low confidentiality impact (CVSS 5.3). Vendor-released patches are available in Discourse 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure Discourse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33073 LOW PATCH Monitor

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0 leak Stripe API keys across sites in multisite cluster deployments due to improper credential isolation in the discourse-subscriptions plugin, allowing authenticated users with UI access on one site to view payment credentials belonging to other sites in the same cluster. The CVSS 4.0 base score of 2.0 reflects information disclosure only, with authentication and user interaction required, but exposure of payment processor credentials carries material business risk. Patches are available in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure Discourse
NVD GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-33428 MEDIUM This Month

An authorization bypass vulnerability exists in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, where non-staff users with elevated group membership can access deleted posts belonging to any user through an overly permissive authorization check on the deleted posts index endpoint. This is a CWE-863 (Incorrect Authorization) vulnerability that allows unauthorized information disclosure of deleted content. No public exploit or active exploitation in the wild has been reported, but patches are available and no workarounds exist.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33427 HIGH This Week

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an authorization page spoofing vulnerability that allows unauthenticated attackers to inject attacker-controlled domains into legitimate Discourse authorization pages, enabling social engineering attacks. Classified as CWE-862 (Missing Authorization), it requires no authentication or special privileges to exploit. The vulnerability is not listed in CISA KEV, but the attack surface is broad given Discourse's widespread use as an open-source discussion platform.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-33426 LOW Monitor

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an authorization bypass vulnerability where users with tag-editing permissions can edit and create tag synonyms for tags within restricted tag groups, even when those users lack visibility into the restricted tags themselves. This represents a broken access control issue (CWE-862) with low CVSS score (3.5) due to high privilege requirement and limited impact scope, though it enables unauthorized information disclosure and tag manipulation within the platform. No public exploit code or active exploitation in the wild has been reported at this time.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-33425 MEDIUM This Month

An information disclosure vulnerability in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows unauthenticated attackers to enumerate private group membership by observing directory result changes when manipulating the exclude_groups parameter. This enables attackers to determine whether specific users are members of private groups without authentication, representing a direct privacy violation. The vulnerability does not appear to be actively exploited in the wild (no KEV status indicated), but patches are available from the vendor.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-33424 MEDIUM This Month

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an access control flaw where a user who has lost direct access to a private message topic can still grant invites to that conversation. This incorrect authorization issue (CWE-863) lets a former participant extend access to others without authorization. No public exploit code has been reported; patches are available across all affected release branches.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-33423 LOW Monitor

A privilege escalation vulnerability in Discourse allows staff members to modify group notification levels for any user without proper authorization checks. This affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, enabling authenticated staff users to alter notification settings for other users in ways they should not be permitted to. The CVSS 4.0 base score is 1.3 and no known public exploits have been confirmed; the vulnerability is classified under CWE-862 (Missing Authorization) and has been assigned GitHub Security Advisory GHSA-qggq-wr6h-vhrg, with patches available.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2026-33422 LOW Monitor

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an information disclosure vulnerability where IP addresses of flagged users are exposed to any user with access to the review queue, including those without proper authorization. This allows unauthorized access to sensitive network information that should be restricted to administrators. The vulnerability has a CVSS score of 3.5 (low severity) with no known public exploits or KEV designation, but represents a clear privacy and data protection issue in moderation workflows.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-33411 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in Discourse's solved posts stream feature, where unsanitized topic titles are persisted and executed in the browser context of authenticated users. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, allowing an authenticated attacker with post creation privileges to inject JavaScript that executes in the browsers of other users viewing the affected stream. The CVSS 3.1 base score of 5.4 reflects low confidentiality and integrity impact and no availability impact; the only user interaction required of the victim is viewing the crafted title.

XSS Discourse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33291 MEDIUM This Month

A broken access control vulnerability in Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows moderators to create Zendesk support tickets for topics they lack permission to view, bypassing intended access restrictions. This affects all Discourse forums utilizing the Zendesk plugin integration. The vulnerability is classified as CWE-863 (Incorrect Authorization) and has no publicly disclosed active exploitation or proof-of-concept code, though patches are available from the vendor.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33251 MEDIUM This Month

An authorization bypass vulnerability in Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows authenticated users to accept or unaccept solutions in hidden Solved topics without proper authorization checks. Users with valid credentials can manipulate solution status on topics they should not be able to access, resulting in information disclosure and an integrity violation. The CVSS 3.1 base score of 5.4 reflects a low-to-moderate severity issue that requires prior authentication.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-32114 MEDIUM PATCH This Month

An Insecure Direct Object Reference (IDOR) vulnerability in Discourse allows any authenticated user to access restricted metadata about AI personas, features, and LLM models by directly referencing their identifiers, exposing sensitive information including credit allocations and usage statistics. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, and requires only low-privilege access (any logged-in user account) over the network. While the CVSS 3.1 base score of 4.3 indicates low confidentiality impact with no integrity or availability impact, this represents a clear information disclosure risk that could enable unauthorized tracking of AI resource consumption and usage patterns.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-31869 MEDIUM PATCH This Month

Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contains an information disclosure vulnerability in the ComposerController#mentions endpoint that reveals hidden group membership to any authenticated user capable of messaging the group. An attacker can exploit this by supplying hidden-membership group names and probing arbitrary usernames, inferring membership from whether the user_reasons field returns 'private', effectively bypassing the group member-visibility controls designed to protect sensitive group information. The vulnerability is not listed in CISA KEV, carries a CVSS 3.1 base score of 4.3 reflecting low confidentiality impact with low attack complexity, and requires prior authentication.
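The mentions finding above and the exclude_groups directory finding (CVE-2026-33425) are instances of the same differential oracle: an endpoint whose visible output depends on a hidden attribute leaks that attribute one yes/no answer at a time. The following added example (not Discourse's code) models it with a directory filter that honours exclude_groups for hidden groups, beside a fixed filter that ignores entries the viewer may not resolve, and runs the two-query oracle against both. Group and user names, the GROUPS/USERS data and the helper names are constructed for the illustration.

```ruby
# Added example, not Discourse's code. Models the differential oracle behind
# the exclude_groups directory finding and the ComposerController#mentions
# user_reasons finding above: an endpoint whose visible output depends on a
# hidden attribute leaks that attribute one yes/no answer at a time. Group and
# user names, GROUPS/USERS and the helper names are constructed for illustration.

Group  = Struct.new(:name, :member_usernames, :members_visible_to_public, keyword_init: true)
Viewer = Struct.new(:username, :group_names, :staff, keyword_init: true) do
  def staff?
    staff
  end
end

ANON = Viewer.new(username: nil, group_names: [], staff: false)

USERS = %w[alice bob carol dave].freeze

GROUPS = {
  "everyone" => Group.new(name: "everyone", member_usernames: USERS,
                          members_visible_to_public: true),
  "security" => Group.new(name: "security", member_usernames: %w[alice carol],
                          members_visible_to_public: false),
}.freeze

def membership_visible?(group, viewer)
  group.members_visible_to_public || viewer.staff? || viewer.group_names.include?(group.name)
end

# Vulnerable: honours exclude_groups for every group, including ones whose
# membership the viewer may not see, so the result set itself reveals membership.
def directory_unfiltered(_viewer, exclude_groups: [])
  USERS - exclude_groups.flat_map { |g| GROUPS.fetch(g).member_usernames }
end

# Fixed: only applies exclude_groups entries whose membership the viewer is
# entitled to see, so the response is identical whether or not a given user
# belongs to a hidden group.
def directory_filtered(viewer, exclude_groups: [])
  permitted = exclude_groups.map { |g| GROUPS.fetch(g) }
                            .select { |g| membership_visible?(g, viewer) }
  USERS - permitted.flat_map(&:member_usernames)
end

# The oracle, as an attacker would run it: query once without the filter and
# once excluding the target group. A user who disappears is a member.
# Returns true/false when the endpoint leaks, nil when the responses agree
# (no information gained).
def infer_member?(username, group_name, viewer, endpoint)
  baseline = method(endpoint).call(viewer, exclude_groups: [])
  probe    = method(endpoint).call(viewer, exclude_groups: [group_name])
  return nil if probe == baseline
  baseline.include?(username) && !probe.include?(username)
end

if __FILE__ == $PROGRAM_NAME
  %w[alice bob].each do |u|
    puts "#{u} in security? unfiltered=#{infer_member?(u, 'security', ANON, :directory_unfiltered).inspect} " \
         "filtered=#{infer_member?(u, 'security', ANON, :directory_filtered).inspect}"
  end
end
```

The same two-request comparison applies to the mentions endpoint: the fix there is likewise to return the same user_reasons value for a hidden group's members and non-members when the requester cannot see the membership, so that the probe and baseline responses agree.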

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-31805 MEDIUM PATCH This Month

Limited public detail is available for this entry at time of analysis; consult the linked NVD and GitHub advisory records for the affected versions and fixes. The CVSS 3.1 base score is 5.3.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-30891 MEDIUM PATCH This Month

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an authorization bypass vulnerability in the user actions endpoint that allows authenticated users to access other users' private activity data. An attacker with valid login credentials can enumerate and view private user actions without proper permission checks, resulting in information disclosure. The CVSS 3.1 base score of 6.5 reflects a moderate-severity issue that requires authentication to exploit; no active exploitation or public proof-of-concept is known at this time.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-30889 MEDIUM PATCH This Month

A moderator authorization bypass vulnerability in Discourse allows authenticated moderators to access post metadata they should not have permission to view, due to insufficient authorization checks. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, with patched versions now available. While the CVSS 3.1 base score of 4.9 indicates moderate severity and the attack requires moderator privileges, this represents a meaningful confidentiality risk in multi-tenant forum environments where metadata isolation between moderation scopes is critical.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-30888 LOW PATCH Monitor

A privilege escalation vulnerability in Discourse allows moderators to edit site policy documents (Terms of Service, guidelines, privacy policy) despite explicit access restrictions, enabling unauthorized modification of critical site governance documents. This affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. The vulnerability has a low CVSS score of 2.2 due to high attack complexity and privileged access requirement, but represents a clear integrity violation of role-based access controls.

Privilege Escalation Discourse
NVD GitHub VulDB
CVSS 3.1
2.2
EPSS
0.0%
CVE-2026-33408 LOW Monitor

Discourse is an open-source discussion platform.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
2.2
EPSS
0.0%
CVE-2026-33395 MEDIUM This Month

Authenticated users can inject persistent JavaScript through malicious DOT graph definitions in the discourse-graphviz plugin on Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, enabling stored XSS attacks when Content Security Policy is disabled. Affected instances should upgrade to patched versions, disable the plugin, or enforce a CSP as a temporary mitigation, as no patch is currently available for all deployment scenarios.

XSS Discourse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-33410 MEDIUM This Month

A remote code execution vulnerability in Discourse (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33394 LOW Monitor

Discourse is an open-source discussion platform.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-33393 MEDIUM This Month

A remote code execution vulnerability in Discourse (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33355 MEDIUM This Month

A post-type visibility filtering bypass in Discourse's `/private-posts` endpoint allows authenticated users with access to private message (PM) topics to view whisper posts that should be restricted to specific recipients. This information disclosure vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, and requires only low-privilege user authentication to exploit. No active exploitation in the wild has been reported, but patches are available from the vendor.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32099 MEDIUM This Month

Discourse's profile hiding feature fails to protect user bio, location, and website fields when accessed through onebox previews, allowing authenticated attackers to retrieve this information despite the `hide_profile` setting. An attacker can request a onebox preview of a hidden user's profile URL to bypass privacy controls and expose sensitive profile data. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, with no workarounds currently available.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-29072 HIGH PATCH This Week

A remote code execution vulnerability in Discourse (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28282 MEDIUM PATCH This Month

A remote code execution vulnerability in Discourse (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27936 MEDIUM PATCH This Month

A remote code execution vulnerability in Discourse (CVSS 5.3) that allows restricted post action counts. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27935 MEDIUM PATCH This Month

A remote code execution vulnerability in Discourse (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27934 HIGH PATCH This Week

Unauthorized information disclosure in Discourse discussion platform versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows unauthenticated attackers to view restricted post titles and excerpts through inadequate permission validation on user action API endpoints. The vulnerability affects all deployments running vulnerable versions, with no available workarounds until patching to the fixed releases.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-27740 MEDIUM PATCH This Month

Cross-site scripting in Discourse's Review Queue interface allows remote attackers to inject malicious payloads through prompt injection attacks against the AI triage system, which renders unsanitized LLM output to staff members. When administrators or moderators view flagged posts, the injected payload executes in their browser context, potentially compromising their sessions or performing unauthorized actions. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, with patches available in these releases.

XSS Discourse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27570 MEDIUM PATCH This Month

Reflected cross-site scripting in Discourse AI conversation sharing allows unauthenticated attackers to inject malicious scripts through improperly sanitized conversation titles in the onebox rendering feature. An attacker can craft a malicious shared conversation link to execute arbitrary JavaScript in the context of other users' browsers, potentially stealing session tokens or performing unauthorized actions. The vulnerability affects versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, and currently has no patch available as a preventive measure.

XSS Discourse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27491 MEDIUM PATCH This Month

Unauthorized user warnings in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 can be issued by authenticated non-staff users due to a type coercion flaw in the post actions API endpoint. Attackers with valid login credentials can exploit this to send warnings meant only for staff moderators, though no data exposure or further privilege escalation occurs. No patch workaround is currently available.

Privilege Escalation Information Disclosure Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27454 MEDIUM PATCH This Month

Unauthorized access to hidden post revisions in Discourse through version enumeration allows unauthenticated users to bypass authorization checks and read staff-concealed edit history. The /posts/:id.json endpoint fails to validate user permissions before displaying revision content, enabling attackers to enumerate version numbers and access sensitive historical data. Affected deployments should upgrade to versions 2026.3.0-latest.1, 2026.2.1, or 2026.1.2 as no workarounds are available.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27166 MEDIUM PATCH This Month

Insufficient sanitization of Codepen iframe parameters in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows authenticated attackers to manipulate users into changing the main page URL through social engineering. The vulnerability requires user interaction and network access but has no available patch, making disabling Codepen embeds the recommended mitigation.

XSS Discourse
NVD GitHub VulDB
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-28219 MEDIUM This Month

Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 contain an authorization bypass that allows authenticated users to escalate ordinary topics to site-wide notices or banners by manipulating request parameters, circumventing administrative controls. This vulnerability affects any Discourse instance where regular users should not have the ability to create global announcements. No patch is currently available, and administrators should review recent banner and notice changes for unauthorized modifications until updating.

Code Injection Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-28218 MEDIUM This Month

The Data Explorer plugin in Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0 fails to properly enforce access controls, allowing any authenticated user to execute arbitrary SQL queries against unprotected queries, including system-level queries. This affects all installations with the Data Explorer plugin enabled and permits authenticated attackers to access or modify sensitive data without proper authorization. No patch is currently available, though administrators can mitigate the issue by explicitly setting group permissions on queries or disabling the plugin.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27154 MEDIUM This Month

Stored cross-site scripting in Discourse allows attackers to inject malicious HTML through user full names when specific display settings are enabled, which executes in the browsers of users viewing or editing affected posts. The vulnerability requires the `display_name_on_posts` setting to be true and `prioritize_username_in_ux` to be false, potentially affecting installations with these configurations. No patch is currently available, and users should disable the vulnerable display settings or upgrade to patched versions 2025.12.2, 2026.1.1, or 2026.2.0.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27153 LOW Monitor

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CSV export endpoint by exploiting an overly permissive allowlist in `can_export_entity?`. [CVSS 2.7 LOW]

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-27162 MEDIUM This Month

Discourse's posts_nearby function fails to properly filter whispered posts based on user permissions, allowing authenticated users with high privileges to view confidential whispers intended only for specific recipients. The vulnerability stems from inadequate post-type filtering that bypasses guardian-based access controls. No patch is currently available for affected versions prior to 2025.12.2, 2026.1.1, and 2026.2.0.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-27152 LOW Monitor

Discourse is an open source discussion platform. [CVSS 3.8 LOW]

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-27150 LOW Monitor

Discourse is an open source discussion platform. [CVSS 3.8 LOW]

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-27149 MEDIUM This Month

SQL injection in Discourse's private message tag filtering allows authenticated users to bypass tag restrictions and read unauthorized private message metadata. Affected versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 expose sensitive conversation information to users who should not have access. No patch workaround exists for unpatched installations.

SQLi Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27021 MEDIUM This Month

The Discourse poll plugin voters endpoint fails to validate post visibility permissions, enabling unauthenticated attackers to enumerate poll voter details across any post in affected instances. This information disclosure affects Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0, with no workaround available until patching. No patch is currently available for earlier versions.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-26973 MEDIUM This Month

Insecure Direct Object References in Discourse ReviewableNotesController allow category moderation group members to create or delete notes on any reviewable in the system regardless of moderation scope when category group moderation is enabled. This authorization bypass affects Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0, enabling users to manipulate moderation records outside their assigned categories. No patch is currently available.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-26265 HIGH This Week

Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 contain an insecure direct object reference (IDOR) in the directory items endpoint that allows unauthenticated attackers to retrieve private user field values for all directory users. The vulnerability stems from missing authorization checks on the user_field_ids parameter, enabling bulk exfiltration of sensitive user data that should be restricted by visibility settings. No patch is currently available for affected deployments.

Authentication Bypass Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26207 MEDIUM This Month

The discourse-policy plugin in Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0 fails to verify user permissions when processing policy actions, allowing authenticated users to accept or reject policies on posts they cannot access in private categories or private messages. Attackers can exploit this authorization bypass to manipulate policies on restricted content and enumerate post IDs with policies through error message differences. The vulnerability requires authentication but affects the confidentiality and integrity of policy-protected discussions.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-26078 HIGH This Week

Discourse instances with an unconfigured patreon_webhook_secret allow remote attackers to forge valid webhook signatures using an empty HMAC-MD5 key, enabling arbitrary creation, modification, or deletion of Patreon pledge data and unauthorized patron synchronization. The vulnerability affects Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0, and currently lacks an available patch. Administrators must explicitly configure the patreon_webhook_secret setting or upgrade to patched versions to mitigate this integrity attack.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26077 MEDIUM This Month

Unauthenticated attackers can submit forged webhook payloads to multiple email provider integrations in Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 when authentication tokens are not configured, allowing them to artificially inflate user bounce scores and disable legitimate user accounts. The vulnerability affects webhook endpoints for SendGrid, Mailjet, Mandrill, Postmark, and SparkPost, with Mailpace having no token validation whatsoever. Administrators should immediately configure webhook authentication tokens for all email provider integrations as a workaround until patching is available.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-24742 MEDIUM This Month

Discourse versions before 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allow non-admin moderators to access restricted staff action logs containing sensitive data such as webhook secrets, API keys, private messages, and restricted category information. An attacker with moderator privileges could extract confidential information and use leaked webhook credentials to spoof events to integrated services. No patch is currently available for this access control bypass.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23743 HIGH This Week

Discourse is an open source discussion platform. [CVSS 7.5 HIGH]

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21865 MEDIUM This Month

Discourse versions before 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allow moderators with insufficient permissions to convert private messages into public topics, potentially exposing sensitive user communications. The vulnerability affects any Discourse instance where untrusted moderators have access to moderation features. Site administrators can mitigate this by temporarily removing moderator privileges or disabling personal message access for moderator groups until patching to a fixed version.

Industrial Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69289 MEDIUM This Month

Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, enabling a takeover of non-staff accounts. [CVSS 5.4 MEDIUM]

Privilege Escalation Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-69218 MEDIUM This Month

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the `top_uploads` admin report which should be restricted to admins only. [CVSS 6.5 MEDIUM]

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68934 MEDIUM This Month

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as the shared worker pool becomes exhausted. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Lowering the max_draft_length site setting reduces attack surface but does not f...

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-68933 MEDIUM This Month

Discourse is an open source discussion platform. [CVSS 6.9 MEDIUM]

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-68666 MEDIUM This Month

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, user archives are viewable by users with moderation privileges even though moderators should not have access to the archives. [CVSS 6.5 MEDIUM]

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68662 HIGH This Week

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. [CVSS 7.6 HIGH]

SSRF Discourse
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-68660 MEDIUM This Month

Discourse is an open source discussion platform. [CVSS 5.4 MEDIUM]

Authentication Bypass AI / ML Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-68659 MEDIUM This Month

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application-level denial of service vulnerability in the username change functionality at try.discourse.org. The vulnerability allows attackers to cause noticeable server delays and resource exhaustion by sending large JSON payloads to the username preference endpoint PUT /u//preferences/username, resulting in degraded performance for other users and endpoints. This issue is pat...

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68479 HIGH This Week

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. [CVSS 7.1 HIGH]

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-67723 MEDIUM This Month

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scripting vulnerability in the Discourse Math plugin when using its KaTeX variant. [CVSS 4.6 MEDIUM]

XSS Discourse
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Discourse chat plugin across versions 2026.1.0-2026.4.x contains four authorization deficiencies (CWE-862) enabling both information disclosure and unauthorized write actions: calendar event API payloads expose the associated chat channel's last message - potentially a private DM - to unauthenticated users, while separate flaws allow read-only users to create chat threads, authors to restore their own deleted messages after losing channel access, and moderators reviewing flagged messages to inadvertently view unrelated DM content. Vendor-released patches exist for all supported branches; no public exploit identified at time of analysis and EPSS is 0.04% (11th percentile), but the unauthenticated DM disclosure warrants prompt patching on public-facing instances.

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Discourse's AI 'explain' helper exposes raw content of hidden posts to any authenticated user with access to the feature, due to an incomplete authorization check on parent posts. Affected instances span three release tracks - 2026.1.x, 2026.3.x, and 2026.4.x - and any user who can invoke the AI helper and find a visible reply to a hidden post can silently read the hidden post's raw text. No public exploit code has been identified and EPSS places exploitation probability at 0.03% (9th percentile), indicating this is a low-urgency but genuine confidentiality bypass for deployments where hidden post content is sensitive.

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Discourse group owners can retrieve plaintext SMTP credentials - including passwords, usernames, server, port, and SSL mode - from the group history log endpoint (/groups/:name/logs.json), affecting versions 2026.1.0-latest through pre-2026.1.4, 2026.3.0-latest through pre-2026.3.1, and 2026.4.0-latest through pre-2026.4.1. An authenticated group owner who holds no admin or moderator privileges can harvest the exposed SMTP password and use it to send mail impersonating the group's email identity from any external mail client, entirely bypassing Discourse's own sending controls. No public exploit code exists and this vulnerability is not listed in CISA KEV; the EPSS score of 0.03% at the 11th percentile reflects the narrow, configuration-dependent attack surface.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Whisper channel access control in Discourse can be bypassed by any authenticated forum user, allowing injection of content into staff-only whisper threads visible to moderators and staff. Affected release trains span 2026.1.0-latest through pre-2026.1.4, 2026.3.0-latest through pre-2026.3.1, and 2026.4.0-latest through pre-2026.4.1, with all fixes confirmed by the vendor in the GitHub Security Advisory. An attacker holding only a standard forum account can exploit the reply mechanism to post messages that surface inside privileged staff whisper channels, potentially poisoning internal moderation communications or probing staff responses for sensitive operational detail. No public exploit is identified at time of analysis, and EPSS places exploitation probability at the 9th percentile.

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Discourse's GroupPostSerializer leaks user real names to authenticated users even when site administrators have explicitly disabled name display via the enable_names site setting. Affected versions span the 2026.1.x, 2026.3.x, and 2026.4.x release lines. An authenticated user querying group post endpoints receives real name data that the platform operator intended to suppress, undermining privacy configurations on Discourse instances that host pseudonymous or anonymous communities. No public exploit code exists and no active exploitation has been identified; the EPSS score of 0.03% (9th percentile) reflects low exploitation probability.

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Discourse's ReviewableQueuedPostSerializer unconditionally exposes full inbound email source - including SMTP headers, sender trace, mail user agent, and body - to category moderation group members accessing the review queue, bypassing the view_raw_email_allowed_groups trust boundary that restricts the dedicated raw-email endpoint. Affected versions span the 2026.1.x, 2026.3.x, and 2026.4.x series on deployments using Discourse's incoming email feature. No public exploit has been identified and EPSS stands at 0.03% (9th percentile), indicating low automated exploitation probability, though the exposed data - including sender IP addresses and routing headers - presents meaningful privacy and de-anonymization risk to users who submitted posts via email.

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Discourse platform versions across three active release tracks expose whisper translation audit logs through bot debug endpoints to any authenticated low-privilege user. The vulnerability (CWE-200) exists across release lines 2026.1.x, 2026.3.x, and 2026.4.x, and has been patched by the vendor across all affected tracks. No public exploit exists and EPSS sits at the 9th percentile (0.03%), indicating this is a low-probability exploitation target; however, the exposure of internal moderation audit logs may pose compliance and confidentiality risks on community platforms handling sensitive staff communications.

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure in Discourse discussion platform allows any MessageBus subscriber to receive real-time chat message payloads from public category channels without proper permission scoping, even when chat is not enabled for that user. The flaw affects versions 2026.1.0 through 2026.1.3, 2026.3.0 through 2026.3.0, and 2026.4.0 through 2026.4.0, and is fixed in 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1. No public exploit identified at time of analysis, but the unauthenticated network attack vector makes this a meaningful confidentiality concern for forums leveraging chat.

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Payment bypass in the discourse-subscriptions plugin allows unauthenticated users to gain membership in subscription-gated groups without completing a financial transaction. Affected are all Discourse installations running the subscriptions plugin prior to fixed versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 2.1 reflects high attack complexity, required user interaction, and limited confidentiality impact confined to the vulnerable system.

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively for categories they are not authorized to access. Impact is limited to disclosure of site configuration metadata. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Discourse's AI summarization feature exposes removed or restricted content to anonymous and unprivileged users through stale cached summaries. Affected are all Discourse instances running versions prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 with AI summarization enabled. An unauthenticated attacker can read cached summaries that persist after the underlying content has been moderated or deleted, bypassing content removal controls. No public exploit code exists and no KEV listing has been issued at time of analysis.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-beta expose staged user custom fields and usernames on public invite pages without requiring email verification. An unauthenticated remote attacker can enumerate user information and custom field data by accessing public invitation links, potentially gathering sensitive user attributes before account activation. The vulnerability has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0, with no public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-pre allow unauthenticated users to enumerate and view hidden staff-only tags and associated metadata through an authorization bypass flaw. All instances with tagging enabled and staff-only tag groups configured are vulnerable. The issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0 final. No public exploit code or active exploitation has been confirmed at the time of analysis.

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-beta allow authenticated moderators to bypass category permission controls and retrieve post content, topic titles, and usernames from categories they lack authorization to access via a sentiment analytics endpoint. Patches are available (2026.1.3, 2026.2.2, 2026.3.0); no public exploit code or active exploitation has been identified.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Discourse 2026.1.0 through 2026.3.0-beta allows authenticated moderators to bypass authorization controls in the Category Chatables Controller, disclosing sensitive information about hidden group names and user counts. The vulnerability affects multiple release branches and has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. With a CVSS score of 5.3 and low attack complexity, this represents a meaningful information disclosure risk requiring prompt patching.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Server-side request forgery (SSRF) in the Discourse group email settings test endpoint allows authenticated non-staff group owners to initiate outbound connections to arbitrary hosts and ports, enabling internal network reconnaissance. Affects Discourse 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-rc versions. Patched in 2026.1.3, 2026.2.2, and 2026.3.0. No public exploit code or active exploitation confirmed at time of analysis.

SSRF Discourse
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-pre allow authenticated users to escalate their subscription tier by purchasing a lower-cost plan while obtaining benefits reserved for higher-tier subscriptions. The vulnerability has a CVSS score of 6.3 reflecting the integrity impact; it requires high attack complexity and partial timing conditions but affects confidentiality minimally. Vendor-released patches address the flaw in versions 2026.1.3, 2026.2.2, and 2026.3.0, and the exploit likely requires knowledge of the subscription grant mechanism.

Privilege Escalation Discourse
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0 prior to patching allow authenticated users to disclose shared draft topic titles via specially crafted inline onebox requests that reference the shared drafts category. An attacker with valid Discourse credentials can enumerate and read draft titles not intended for their access, violating information confidentiality. The vulnerability has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0; EPSS and KEV data indicate no current active exploitation, though the fix is available and should be deployed promptly given the low barrier to exploitation.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0 leak read receipt metadata (who read staff-only posts and when) to non-staff users who should not have access to that information. While no post content is exposed, the metadata disclosure violates intended access controls. Patches are available in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-beta retain unauthorized poll interaction capabilities for users who have lost access to private topics, allowing them to vote on and toggle poll status despite removal from category group membership. While no topic content is exposed, the vulnerability permits state modification in topics to which access should have been revoked, violating the intended access control model. Patched versions 2026.1.3, 2026.2.2, and 2026.3.0 are available, and no public exploit code has been identified.

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Discourse chat user search discloses channel membership information to authenticated users without proper authorization checks, allowing users to infer private channel membership in versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-rc1. This affects community administrators and organizations relying on channel privacy. The vulnerability requires authenticated access but carries low confidentiality impact (CVSS 4.3); patches are available in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Category group moderators in Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-pre can perform privileged actions (such as topic moderation) on content within private categories to which they lack read access, bypassing intended access controls. This authenticated privilege escalation affects self-hosted and managed Discourse instances and has been resolved in versions 2026.1.3, 2026.2.2, and 2026.3.0+. No public exploit code or active exploitation has been reported at this time.

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Stored cross-site scripting (XSS) in the Discourse assignment UI allows authenticated users with assign permission to inject arbitrary HTML/JavaScript into user and group display names when the hidden prioritize_full_name_in_ux site setting is enabled, affecting versions 2026.1.0–2026.1.2, 2026.2.0–2026.2.1, and 2026.3.0. The injected payload executes in the browser of any user viewing an affected topic, enabling session hijacking, credential theft, or malware distribution. No active exploitation has been confirmed. Exploitation requires both console access to enable the vulnerable setting and assign permission, which limits real-world impact; the low CVSS score (2.1) reflects these constraints rather than the severity of the XSS itself.

XSS Discourse
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Discourse category description API endpoints allows authenticated users with category management privileges to inject malicious scripts that execute in the browsers of other users viewing the category. The vulnerability affects Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-pre-release due to missing input sanitization on category description updates. Vendor-released patches address this in versions 2026.1.3, 2026.2.2, and 2026.3.0; no public exploit code has been identified at time of analysis.

XSS Discourse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Discourse allows authenticated users with conversation creation privileges to inject arbitrary HTML and JavaScript via crafted AI conversation titles, executing malicious payloads in the browsers of users viewing onebox previews and potentially enabling session hijacking or unauthorized actions. Affects Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-beta; patched versions 2026.1.3, 2026.2.2, and 2026.3.0 are available. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS Discourse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Discourse moderators can export CSV data from admin-restricted reports in versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-beta, circumventing role-based access controls and exposing sensitive operational data intended exclusively for administrators. The vulnerability requires authenticated moderator access but carries low confidentiality impact (CVSS 5.3). Vendor-released patches are available in Discourse 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 2.0
LOW PATCH Monitor

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0 leak Stripe API keys across sites in multisite cluster deployments due to improper credential isolation in the discourse-subscriptions plugin, allowing authenticated users with UI access on one site to view payment credentials belonging to other sites within the same cluster. CVSS 2.0 reflects low severity (information disclosure only, requires authentication and user interaction), but the exposure of payment processor credentials carries material business risk. Patches are available in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An authorization bypass vulnerability exists in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, where non-staff users with elevated group membership can access deleted posts belonging to any user through an overly permissive authorization check on the deleted posts index endpoint. This is a CWE-863 (Incorrect Authorization) vulnerability that allows unauthorized information disclosure of deleted content. No public exploit or active exploitation in the wild has been reported, but patches are available and no workarounds exist.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an authorization page spoofing vulnerability that allows unauthenticated attackers to inject attacker-controlled domains into legitimate Discourse authorization pages, enabling social engineering attacks. This CWE-862 (Missing Authorization) class vulnerability affects all Discourse installations running the affected versions and requires no authentication or special privileges to exploit. No active exploitation in the wild (KEV status) has been reported, but the attack surface is broad given Discourse's widespread use as an open-source discussion platform.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 3.5
LOW Monitor

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an authorization bypass vulnerability where users with tag-editing permissions can edit and create tag synonyms for tags within restricted tag groups, even when those users lack visibility into the restricted tags themselves. This represents a broken access control issue (CWE-862) with low CVSS score (3.5) due to high privilege requirement and limited impact scope, though it enables unauthorized information disclosure and tag manipulation within the platform. No public exploit code or active exploitation in the wild has been reported at this time.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

An information disclosure vulnerability in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows unauthenticated attackers to enumerate private group membership by observing directory result changes when manipulating the exclude_groups parameter. This enables attackers to determine whether specific users are members of private groups without authentication, representing a direct privacy violation. The vulnerability does not appear to be actively exploited in the wild (no KEV status indicated), but patches are available from the vendor.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an access control bypass vulnerability where attackers can grant invites to private message topics even after losing direct access to those conversations. This authentication bypass (CWE-863) allows unauthorized lateral privilege escalation within discussion communities. No public exploit code has been widely reported, but the vulnerability is patched across multiple release branches, indicating vendor awareness of active exploitation risk.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 1.3
LOW Monitor

A privilege escalation vulnerability in Discourse allows staff members to arbitrarily modify group notification levels for any user without proper authorization checks. This affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, enabling authenticated staff users to alter notification settings for other users in ways they should not be permitted to do. While no CVSS score or EPSS data is available and no known public exploits have been confirmed, the vulnerability is classified under CWE-862 (Missing Authorization) and has been assigned a GitHub Security Advisory (GHSA-qggq-wr6h-vhrg) with patches available.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 3.5
LOW Monitor

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an information disclosure vulnerability where IP addresses of flagged users are exposed to any user with access to the review queue, including those without proper authorization. This allows unauthorized access to sensitive network information that should be restricted to administrators. The vulnerability has a CVSS score of 3.5 (low severity) with no known public exploits or KEV designation, but represents a clear privacy and data protection issue in moderation workflows.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in Discourse's solved posts stream feature, where unsanitized topic titles can be persisted and executed in the browser context of authenticated users. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, allowing authenticated attackers to inject malicious JavaScript that executes in the browsers of other users viewing the affected topics. While the CVSS score of 5.4 reflects moderate severity with low impact scope and no availability impact, the attack requires indirect user interaction (a victim viewing the crafted topic title), so real-world exploitation is limited to scenarios where attackers have post creation privileges.

XSS Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

A broken access control vulnerability in Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows moderators to create Zendesk support tickets for topics they lack permission to view, bypassing intended access restrictions. This affects all Discourse forums utilizing the Zendesk plugin integration. The vulnerability is classified as CWE-863 (Incorrect Authorization) and has no publicly disclosed active exploitation or proof-of-concept code, though patches are available from the vendor.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

An authorization bypass vulnerability in Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows authenticated users to accept or unaccept solutions in hidden Solved topics without proper authorization checks. The vulnerability affects the open-source Discourse discussion platform and permits users with valid credentials to manipulate solution status across topics they should not have access to, resulting in information disclosure and integrity violations. This is a low-to-moderate severity issue with a CVSS score of 5.4 that requires prior authentication but carries exploitation risk in multi-tenant or federated Discourse installations.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

An Insecure Direct Object Reference (IDOR) vulnerability in Discourse allows any authenticated user to access restricted metadata about AI personas, features, and LLM models by directly referencing their identifiers, exposing sensitive information including credit allocations and usage statistics. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, and requires only low-privilege access (any logged-in user account) over the network. While the CVSS score of 5.3 indicates low confidentiality impact with no integrity or availability impact, this represents a clear information disclosure risk that could enable unauthorized tracking of AI resource consumption and usage patterns.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contains an information disclosure vulnerability in the ComposerController#mentions endpoint that reveals hidden group membership to any authenticated user capable of messaging the group. An attacker can exploit this by supplying hidden-membership group names and probing arbitrary usernames to infer membership based on whether the user_reasons field returns 'private', effectively bypassing group member-visibility controls designed to protect sensitive group information. This vulnerability is not known to be actively exploited in the wild (KEV status unknown), carries a moderate CVSS score of 5.3 reflecting low confidentiality impact with low attack complexity, and requires prior authentication.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A remote code execution vulnerability in Discourse (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an authorization bypass vulnerability in the user actions endpoint that allows authenticated users to access other users' private activity data. An attacker with valid login credentials can enumerate and view private user actions without proper permission checks, resulting in information disclosure. This is a moderate-severity issue with a CVSS score of 5.3 that requires authentication to exploit but has no known active exploitation or public proof-of-concept at this time.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A moderator authorization bypass vulnerability in Discourse allows authenticated moderators to access post metadata they should not have permission to view due to insufficient authorization checks. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, with patched versions now available. While the CVSS score of 5.3 indicates moderate severity and the attack requires authenticated access with moderator privileges, this represents a meaningful confidentiality risk in multi-tenant forum environments where metadata isolation between moderation scopes is critical.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 2.2
LOW PATCH Monitor

A privilege escalation vulnerability in Discourse allows moderators to edit site policy documents (Terms of Service, guidelines, privacy policy) despite explicit access restrictions, enabling unauthorized modification of critical site governance documents. This affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. The vulnerability has a low CVSS score of 2.2 due to high attack complexity and privileged access requirement, but represents a clear integrity violation of role-based access controls.

Privilege Escalation Discourse
NVD GitHub VulDB
EPSS 0% CVSS 2.2
LOW Monitor

Discourse is an open-source discussion platform.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

Authenticated users can inject persistent JavaScript through malicious DOT graph definitions in the discourse-graphviz plugin on Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, enabling stored XSS attacks when Content Security Policy is disabled. Affected instances should upgrade to patched versions, disable the plugin, or enforce a CSP as a temporary mitigation, as no patch is currently available for all deployment scenarios.

XSS Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

A remote code execution vulnerability in Discourse (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 2.7
LOW Monitor

Discourse is an open-source discussion platform.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

A remote code execution vulnerability in Discourse (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A post-type visibility filtering bypass in Discourse's `/private-posts` endpoint allows authenticated users with access to private message (PM) topics to view whisper posts that should be restricted to specific recipients. This information disclosure vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, and requires only low-privilege user authentication to exploit. No active exploitation in the wild has been reported, but patches are available from the vendor.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Discourse's profile hiding feature fails to protect user bio, location, and website fields when accessed through onebox previews, allowing authenticated attackers to retrieve this information despite the `hide_profile` setting. An attacker can request a onebox preview of a hidden user's profile URL to bypass privacy controls and expose sensitive profile data. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, with no workarounds currently available.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A remote code execution vulnerability in Discourse (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A remote code execution vulnerability in Discourse (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A remote code execution vulnerability in Discourse (CVSS 5.3) that allows access to restricted post action counts. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A remote code execution vulnerability in Discourse (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Unauthorized information disclosure in Discourse discussion platform versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows unauthenticated attackers to view restricted post titles and excerpts through inadequate permission validation on user action API endpoints. The vulnerability affects all deployments running vulnerable versions, with no available workarounds until patching to the fixed releases.

Information Disclosure Discourse
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting in Discourse's Review Queue interface allows remote attackers to inject malicious payloads through prompt injection attacks against the AI triage system, which renders unsanitized LLM output to staff members. When administrators or moderators view flagged posts, the injected payload executes in their browser context, potentially compromising their sessions or performing unauthorized actions. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, with patches available in these releases.

XSS Discourse
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Reflected cross-site scripting in Discourse AI conversation sharing allows unauthenticated attackers to inject malicious scripts through improperly sanitized conversation titles in the onebox rendering feature. An attacker can craft a malicious shared conversation link to execute arbitrary JavaScript in the context of other users' browsers, potentially stealing session tokens or performing unauthorized actions. The vulnerability affects versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, and currently has no patch available.

XSS Discourse
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unauthorized user warnings in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 can be issued by authenticated non-staff users due to a type coercion flaw in the post actions API endpoint. Attackers with valid login credentials can exploit this to send warnings meant only for staff moderators, though no data exposure or further privilege escalation occurs. No workaround is currently available.

Privilege Escalation Information Disclosure Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unauthorized access to hidden post revisions in Discourse through version enumeration allows unauthenticated users to bypass authorization checks and read staff-concealed edit history. The /posts/:id.json endpoint fails to validate user permissions before displaying revision content, enabling attackers to enumerate version numbers and access sensitive historical data. Affected deployments should upgrade to versions 2026.3.0-latest.1, 2026.2.1, or 2026.1.2 as no workarounds are available.

Authentication Bypass Discourse
NVD GitHub VulDB
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Insufficient sanitization of Codepen iframe parameters in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows authenticated attackers to manipulate users into changing the main page URL through social engineering. The vulnerability requires user interaction and network access but has no available patch, making disabling Codepen embeds the recommended mitigation.

XSS Discourse
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 contain an authorization bypass that allows authenticated users to escalate ordinary topics to site-wide notices or banners by manipulating request parameters, circumventing administrative controls. This vulnerability affects any Discourse instance where regular users should not have the ability to create global announcements. No patch is currently available, and administrators should review recent banner and notice changes for unauthorized modifications until updating.

Code Injection Discourse
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

The Data Explorer plugin in Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0 fails to properly enforce access controls, allowing any authenticated user to execute unprotected queries, including system-level queries. This affects all installations with the Data Explorer plugin enabled and permits authenticated attackers to access or modify sensitive data without proper authorization. No patch is currently available, though administrators can mitigate the issue by explicitly setting group permissions on queries or disabling the plugin.

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Stored cross-site scripting in Discourse allows attackers to inject malicious HTML through user full names when specific display settings are enabled, which executes in the browsers of users viewing or editing affected posts. The vulnerability requires the `display_name_on_posts` setting to be true and `prioritize_username_in_ux` to be false, potentially affecting installations with these configurations. No patch is currently available, and users should disable the vulnerable display settings or upgrade to patched versions 2025.12.2, 2026.1.1, or 2026.2.0.

XSS Discourse
NVD GitHub
EPSS 0% CVSS 2.7
LOW Monitor

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CSV export endpoint by exploiting an overly permissive allowlist in `can_export_entity?`. [CVSS 2.7 LOW]

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Discourse's posts_nearby function fails to properly filter whispered posts based on user permissions, allowing authenticated users with high privileges to view confidential whispers intended only for specific recipients. The vulnerability stems from inadequate post-type filtering that bypasses guardian-based access controls. No patch is currently available for affected versions prior to 2025.12.2, 2026.1.1, and 2026.2.0.

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 3.8
LOW Monitor

Discourse is an open source discussion platform. [CVSS 3.8 LOW]

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 3.8
LOW Monitor

Discourse is an open source discussion platform. [CVSS 3.8 LOW]

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection in Discourse's private message tag filtering allows authenticated users to bypass tag restrictions and read unauthorized private message metadata. Affected versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 expose sensitive conversation information to users who should not have access. No workaround exists for unpatched installations.

SQLi Discourse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

The Discourse poll plugin voters endpoint fails to validate post visibility permissions, enabling unauthenticated attackers to enumerate poll voter details across any post in affected instances. This information disclosure affects Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0, with no workaround available until patching. No patch is currently available for earlier versions.

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Insecure Direct Object References in Discourse ReviewableNotesController allow category moderation group members to create or delete notes on any reviewable in the system regardless of moderation scope when category group moderation is enabled. This authorization bypass affects Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0, enabling users to manipulate moderation records outside their assigned categories. No patch is currently available.

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 contain an insecure direct object reference (IDOR) in the directory items endpoint that allows unauthenticated attackers to retrieve private user field values for all directory users. The vulnerability stems from missing authorization checks on the user_field_ids parameter, enabling bulk exfiltration of sensitive user data that should be restricted by visibility settings. No patch is currently available for affected deployments.

Authentication Bypass Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

The discourse-policy plugin in Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0 fails to verify user permissions when processing policy actions, allowing authenticated users to accept or reject policies on posts they cannot access in private categories or private messages. Attackers can exploit this authorization bypass to manipulate policies on restricted content and enumerate post IDs with policies through error message differences. The vulnerability requires authentication but affects the confidentiality and integrity of policy-protected discussions.

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Discourse instances with an unconfigured patreon_webhook_secret allow remote attackers to forge valid webhook signatures using an empty HMAC-MD5 key, enabling arbitrary creation, modification, or deletion of Patreon pledge data and unauthorized patron synchronization. The vulnerability affects Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0, and currently lacks an available patch. Administrators must explicitly configure the patreon_webhook_secret setting or upgrade to patched versions to mitigate this integrity attack.

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthenticated attackers can submit forged webhook payloads to multiple email provider integrations in Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 when authentication tokens are not configured, allowing them to artificially inflate user bounce scores and disable legitimate user accounts. The vulnerability affects webhook endpoints for SendGrid, Mailjet, Mandrill, Postmark, and SparkPost, with Mailpace having no token validation whatsoever. Administrators should immediately configure webhook authentication tokens for all email provider integrations as a workaround until patching is available.

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Discourse versions before 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allow non-admin moderators to access restricted staff action logs containing sensitive data such as webhook secrets, API keys, private messages, and restricted category information. An attacker with moderator privileges could extract confidential information and use leaked webhook credentials to spoof events to integrated services. No patch is currently available for this access control bypass.

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Discourse is an open source discussion platform. [CVSS 7.5 HIGH]

Information Disclosure Discourse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Discourse versions before 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allow moderators with insufficient permissions to convert private messages into public topics, potentially exposing sensitive user communications. The vulnerability affects any Discourse instance where untrusted moderators have access to moderation features. Site administrators can mitigate this by temporarily removing moderator privileges or disabling personal message access for moderator groups until patching to a fixed version.

Industrial Discourse
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. [CVSS 5.4 MEDIUM]

Privilege Escalation Discourse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the `top_uploads` admin report which should be restricted to admins only. [CVSS 6.5 MEDIUM]

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as the shared worker pool becomes exhausted. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Lowering the max_draft_length site setting reduces attack surface but does not f...

Denial Of Service Discourse
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

Discourse is an open source discussion platform. [CVSS 6.9 MEDIUM]

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, users' archives are viewable by users with moderation privileges even though moderators should not have access to the archives. [CVSS 6.5 MEDIUM]

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 7.6
HIGH This Week

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. [CVSS 7.6 HIGH]

SSRF Discourse
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Discourse is an open source discussion platform. [CVSS 5.4 MEDIUM]

Authentication Bypass AI / ML Discourse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application-level denial of service vulnerability in the username change functionality at try.discourse.org. The vulnerability allows attackers to cause noticeable server delays and resource exhaustion by sending large JSON payloads to the username preference endpoint PUT /u//preferences/username, resulting in degraded performance for other users and endpoints. This issue is pat...

Denial Of Service Discourse
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. [CVSS 7.1 HIGH]

Authentication Bypass Discourse
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM This Month

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scripting vulnerability in the Discourse Math plugin when using its KaTeX variant. [CVSS 4.6 MEDIUM]

XSS Discourse
NVD GitHub