CVE-2026-29072 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy crea…
High CVSS: 8.2

CVE-2026-29072

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, disable the discourse-policy plugin by disabling the `policy_enabled` site setting.
Vendor
Discourse
Product
Discourse
CWE
CWE-862
Yayın Tarihi
2026-03-19 22:16:31
Güncelleme
2026-03-23 20:11:17
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-862 Discourse HIGH Discourse 2026

Referanslar

https://github.com/discourse/discourse/security/advisories/GHSA-7ph8-vprq-4jrp