Discourse

215 tracked vulnerabilities.

CVE-2026-28227 LOW
Discourse <2025.12.2 - Auth Bypass
Feb 26, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-28219 MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Privilege Escalation
Feb 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-28218 MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - SQL Injection
Feb 26, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27154 MEDIUM
Discourse <2025.12.2 - XSS
Feb 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27153 LOW
Discourse <2025.12.2/2026.1.1/2026.2.0 - Info Disclosure
Feb 26, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-27162 MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Info Disclosure
Feb 26, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-27152 LOW
Discourse <2025.12.2 - Auth Bypass
Feb 26, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-27151 LOW
Discourse <2025.12.2/2026.1.1/2026.2.0 - Privilege Escalation
Feb 26, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-27150 LOW
Discourse <2025.12.2/2026.1.1/2026.2.0 - Info Disclosure
Feb 26, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-27149 MEDIUM
Discourse <2025.12.2 - SQL Injection
Feb 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27021 MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Info Disclosure
Feb 26, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-26979 LOW
Discourse <2025.12.2 - Privilege Escalation
Feb 26, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-26973 MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - IDOR
Feb 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26265 HIGH
Discourse <2025.12.2 - Info Disclosure
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26207 MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Auth Bypass
Feb 26, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-26078 HIGH
Discourse <2025.12.2/2026.1.1/2026.2.0 - Auth Bypass
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26077 MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Auth Bypass
Feb 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-24742 MEDIUM
Discourse < 3.5.4 - Incorrect Authorization
Jan 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23743 HIGH
Discourse <3.5.4,2025.11.2,2025.12.1,2026.1.0 - Info Disclosure
Jan 28, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-21865 MEDIUM
Discourse < 3.5.4 - Missing Authorization
Jan 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-69289 MEDIUM
Discourse < 3.5.4 - Incorrect Authorization
Jan 28, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-69218 MEDIUM
Discourse < 3.5.4 - Incorrect Authorization
Jan 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-68934 MEDIUM
Discourse <3.5.4,2025.11.2,2025.12.1,2026.1.0 - Use After Free
Jan 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-68933 MEDIUM
Discourse < 3.5.4 - Incorrect Authorization
Jan 28, 2026
CVSS 6.9
EPSS 0.00
CVE-2025-68666 MEDIUM
Discourse <3.5.4, <2025.11.2, <2025.12.1, <2026.1.0 - Info Disclosure
Jan 28, 2026
CVSS 6.5
EPSS 0.00
Products
discourse 188 calendar 4 discourse_calendar 3 discourse-chat 3 discourse_reactions 2 discourse_footnote 1 discourse_jira 1 discourse_yearly_review 1 group_membership_ip_blocks 1 mermaid 1 message_bus 1 microsoft_authentication 1 patreon 1 rails_multisite 1 ai 1 reactions 1 assign 1 discotoc 1 discourse_bbcode 1 discourse-encrypt 1
Quick Filters
Critical CVEs With Exploits In CISA KEV