Discourse User Archive Access Vulnerability for Moderators

Vulnerability

A vulnerability in Discourse allows users with moderation privileges to access private user archives, which should be restricted to them. The issue is present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. The unauthorized access is a breach of confidentiality, because private topics and posts are leaked through the archives.

Impact

The vulnerability results in unauthorized access to private user content, including topics and posts, by moderators, causing a breach of confidentiality.

Remediation

To address this vulnerability, site administrators can temporarily revoke the moderation role from all moderators until the Discourse instance is upgraded to a patched version. The patched versions are 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0.
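
For operators running more than one instance, the sketch below triages an inventory against the patched versions listed above. It is an added example, not Discourse code or part of the advisory; the hostnames and installed versions are constructed. It assumes a version is compared only with the fix for its own major.minor release line, that pre-release builds sort before the final release, and that release lines the advisory does not name are reported as "unknown" when they fall between the listed fixes.

```python
import re

# Patched releases as listed in the advisory, keyed by release line (major, minor).
FIXED = {
    (3, 5): (3, 5, 4),
    (2025, 11): (2025, 11, 2),
    (2025, 12): (2025, 12, 1),
    (2026, 1): (2026, 1, 0),
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[.\-+](.+))?$")


def parse_version(text):
    """Return (major, minor, patch, final); final is 0 for pre-releases, 1 otherwise."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor, patch, 0 if m.group(4) else 1)


def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one installed version."""
    v = parse_version(text)
    line = v[:2]
    if line in FIXED:
        return "patched" if v >= FIXED[line] + (1,) else "vulnerable"
    # Release line not named in the advisory (assumption, see lead-in).
    if v < min(FIXED.values()) + (1,):
        return "vulnerable"   # older than every listed fix
    if v > max(FIXED.values()) + (1,):
        return "patched"      # newer than every listed fix
    return "unknown"          # between listed lines; check manually


def hosts_needing_mitigation(inventory):
    """Hosts where the moderator role should stay revoked until upgraded."""
    return sorted(h for h, ver in inventory.items() if classify(ver) != "patched")


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "forum-a.example.org": "3.5.3",
    "forum-b.example.org": "3.5.4",
    "forum-c.example.org": "2025.11.1",
    "forum-d.example.org": "2025.12.1",
    "forum-e.example.org": "3.6.0.beta2",
}

if __name__ == "__main__":
    for host in hosts_needing_mitigation(SAMPLE_INVENTORY):
        print(host, classify(SAMPLE_INVENTORY[host]))
```

Hosts reported as "unknown" are returned alongside the vulnerable ones, so the temporary mitigation stays in place until their status is confirmed.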

Added: Jan 28, 2026, 8:25 PM
Updated: Jan 28, 2026, 8:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.4
remediation: 0.0
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.