discourse
274 tracked vulnerabilities.
CVE-2026-27491
MEDIUM
Discourse Post Actions API - Non-Staff Warning Authorization Bypass
Mar 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27454
MEDIUM
Discourse has check revision visibility on posts endpoint
Mar 19, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27166
MEDIUM
Discourse vulnerable to HTML injection via prohibited iframe URLs
Mar 19, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-28227
LOW
Discourse < 2025.12.2, 2026.1.1, 2026.2.0 - Incorrect Authorization via Topic Timer
Feb 26, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-28219
MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Privilege Escalation
Feb 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-28218
MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - SQL Injection
Feb 26, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27154
MEDIUM
Discourse < 2025.12.2, 2026.1.1, 2026.2.0 - Stored Cross-Site Scripting via User Full Name
Feb 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27153
LOW
Discourse <2025.12.2/2026.1.1/2026.2.0 - Info Disclosure
Feb 26, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-27162
MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Info Disclosure
Feb 26, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-27152
LOW
Discourse < 2025.12.2, 2026.1.1, 2026.2.0 - Improper Access Control via Chat::AddUsersToChannel
Feb 26, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-27151
LOW
Discourse <2025.12.2/2026.1.1/2026.2.0 - Privilege Escalation
Feb 26, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-27150
LOW
Discourse <2025.12.2/2026.1.1/2026.2.0 - Info Disclosure
Feb 26, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-27149
MEDIUM
Discourse <2025.12.2 - SQL Injection
Feb 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27021
MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Info Disclosure
Feb 26, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-26979
LOW
Discourse <2025.12.2 - Privilege Escalation
Feb 26, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-26973
MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - IDOR
Feb 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26265
HIGH
Discourse <2025.12.2 - Info Disclosure
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26207
MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Auth Bypass
Feb 26, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-26078
HIGH
Discourse <2025.12.2/2026.1.1/2026.2.0 - Auth Bypass
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26077
MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Auth Bypass
Feb 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-24742
MEDIUM
Discourse < 3.5.4, 2025.11.2, 2025.12.1, 2026.1.0 - Incorrect Authorization in Staff Action Logs
Jan 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23743
HIGH
Discourse <3.5.4,2025.11.2,2025.12.1,2026.1.0 - Info Disclosure
Jan 28, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-21865
MEDIUM
Discourse < 3.5.4 - Missing Authorization for Personal Message Conversion
Jan 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-69289
MEDIUM
Discourse < 3.5.4 - Privilege Escalation via Email Change Bypass
Jan 28, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-69218
MEDIUM
Discourse < 3.5.4, < 2025.11.2, < 2025.12.1, < 2026.1.0 - Incorrect Authorization in Admin Report
Jan 28, 2026
CVSS 6.5
EPSS 0.00
Products
discourse 241
calendar 4
discourse-chat 3
discourse_calendar 3
discourse_reactions 2
WP Discourse 1
ai 1
assign 1
discotoc 1
discourse-ai 1
discourse-code-review 1
discourse-encrypt 1
discourse-placeholder-theme-component 1
discourse-policy 1
discourse-reactions 1
discourse_bbcode 1
discourse_footnote 1
discourse_jira 1
discourse_yearly_review 1
group_membership_ip_blocks 1
mermaid 1
message_bus 1
microsoft_authentication 1
patreon 1
rails_multisite 1
reactions 1