Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DIscourse has DM communication-preference bypass when adding members
Vulnerability Description
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via `Chat::AddUsersToChannel` — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipient PM restrictions that are enforced during DM channel creation. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Discourse 访问控制错误漏洞
Vulnerability Description
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 2025.12.2之前版本、2026.1.1之前版本和2026.2.0之前版本存在访问控制错误漏洞,该漏洞源于通过Chat::AddUsersToChannel添加成员时可绕过私信通信偏好限制,可能导致用户将已屏蔽目标添加到现有私信频道。
CVSS Information
N/A
Vulnerability Type
N/A