discourse — Vulnerabilities & Security Advisories 234

All 234 CVE vulnerabilities found in discourse, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-34947	Discourse: Staged user custom fields are exposed on public invite pages CWE-200	4.3^AI	Medium^AI	2026-04-03
CVE-2026-27481	Discourse: Hidden tag visibility bypass on tag routes CWE-200	5.3^AI	Medium^AI	2026-04-03
CVE-2026-33415	Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure CWE-284	2.7	-	2026-03-31
CVE-2026-33300	Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint CWE-200	4.3	-	2026-03-31
CVE-2026-33185	Discourse: Group SMTP test endpoint susceptible to SSRF CWE-918	4.3	-	2026-03-31
CVE-2026-33074	Discourse: Vulnerability in discourse-subscriptions plugin allowing users to self-grant to higher tier subscriptions CWE-269	7.1	-	2026-03-31
CVE-2026-32951	Discourse: Authorization bypass in oneboxer via user-controlled category id CWE-200	4.3	Medium	2026-03-31
CVE-2026-32620	Discourse: Missing post-level authorization allows whisper metadata disclosure CWE-200	4.3	-	2026-03-31
CVE-2026-32619	Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories CWE-285	5.4	-	2026-03-31
CVE-2026-32618	Discourse: Unauthorized channel membership inference via excluded_memberships_channel_id CWE-200	4.3	Medium	2026-03-31
CVE-2026-32615	Discourse: Category group moderators can perform actions on topics in restricted categories without read access CWE-285	7.1	-	2026-03-31
CVE-2026-32607	Discourse: Stored XSS via unescaped assignee name CWE-79	5.4	-	2026-03-31
CVE-2026-32273	Discourse: XSS on category description update via API CWE-79	5.4	Medium	2026-03-31
CVE-2026-32243	Discourse: Stored XSS in discourse-ai shared conversations onebox CWE-79	5.4	-	2026-03-31
CVE-2026-32143	Discourse: Admin-only report can be exported by moderators CWE-200	6.5	-	2026-03-31
CVE-2026-32113	Discourse: Open redirect via `sso_destination_url` cookie in `enter` CWE-601	6.4	-	2026-03-31
CVE-2026-33073	discourse-subscriptions plugin leaking stripe API key in multisite environment CWE-200	6.5	-	2026-03-31
CVE-2026-33428	Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership CWE-863	5.4	-	2026-03-20
CVE-2026-33427	Discourse Authorization Page Displays Unvalidated Redirect Domain CWE-862	4.3	-	2026-03-20
CVE-2026-33426	Discourse users can edit or synonymize hidden tags they can't see CWE-862	3.5	Low	2026-03-20
CVE-2026-33425	Discourse has inferable private group membership or existence via exclude_groups parameter CWE-203	5.3	-	2026-03-20
CVE-2026-33424	PM access granted through invites after access revocation CWE-863	5.9	Medium	2026-03-20
CVE-2026-33423	Discourse staff can modify any user's group notification level CWE-862	4.3	-	2026-03-20
CVE-2026-33422	Discourse exposes ip_address of flagged user CWE-200	3.5	Low	2026-03-20
CVE-2026-33411	Discourse's solved topic stream has potential stored XSS in topic title CWE-79	5.4	Medium	2026-03-20
CVE-2026-33291	Discourse user can create Zendesk tickets even when it does not have access to topic CWE-863	4.3	-	2026-03-20
CVE-2026-33251	Discourse has a Hidden Solved topics permission bypass CWE-863	5.4	Medium	2026-03-20
CVE-2026-32114	Discourse's unscoped status lookups leak restricted metadata CWE-639	4.3	-	2026-03-20
CVE-2026-31869	Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check CWE-200	4.3	-	2026-03-20
CVE-2026-31805	Discourse has a poll authorization bypass via post_id array parameter CWE-863	5.3	Medium	2026-03-20

All 234 known CVE vulnerabilities affecting discourse with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

discourse — Vulnerabilities & Security Advisories 234