CVE-2026-33355

Medium CVSS: 6.5

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `/private-posts` endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

Vendor

Discourse

Product

Discourse

CWE

CWE-200

Yayın Tarihi

2026-03-19 22:16:42

Güncelleme

2026-03-24 20:41:42

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Discourse MEDIUM Discourse 2026

Referanslar

https://github.com/discourse/discourse/commit/84e5865a279716c6866e8c0648d1d8b42320603c https://github.com/discourse/discourse/commit/d25b8ee9ee182dbb34e92b34e39878ce4d59bcdc https://github.com/discourse/discourse/commit/d2f317271ad7638f1e2791905472ebd9370946d1 https://github.com/discourse/discourse/security/advisories/GHSA-g4v5-6gfp-3hjq

Benzer Kayıtlar

Medium

CVE-2026-32113

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be…

Medium

CVE-2026-33425

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenti…

Low

CVE-2026-33426

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with…

Low

CVE-2026-33427

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthe…

Medium

CVE-2026-33428

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staf…

Medium

CVE-2026-33424

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacke…