Discourse Poll Plugin Post Visibility Vulnerability in Voters Endpoint

Vulnerability

A vulnerability exists in the Discourse poll plugin, specifically in versions prior to 2025.12.2, 2026.1.1, and 2026.2.0. The issue arises because the voters endpoint did not implement proper post visibility checks. This oversight allowed unauthorized users to access details about voters in any poll post. The vulnerability could be exploited without any special requirements or privileges.
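The flaw described above is a missing object-level authorization check. The following Ruby sketch is an added illustration, not Discourse source code: it contrasts a voters lookup that skips the post visibility check with one that enforces it, and includes a small regression check. The `Post` model, the handler names and the sample data are all hypothetical and constructed for this example.

```ruby
# Simplified model (constructed; not Discourse source). All names are hypothetical.
Post = Struct.new(:id, :allowed_user_ids, :poll_votes) do
  # A nil allowed_user_ids list means the post is public.
  def visible_to?(user_id)
    allowed_user_ids.nil? || allowed_user_ids.include?(user_id)
  end
end

class NotFound < StandardError; end

POSTS = {
  1 => Post.new(1, nil, { "yes" => [10, 11], "no" => [12] }),  # public post
  2 => Post.new(2, [10, 11], { "yes" => [10], "no" => [11] })  # restricted to users 10 and 11
}.freeze

# Flawed shape: the post is looked up by id and its voters are returned
# without checking whether the requester may see the post at all.
def voters_unchecked(post_id, _requester_id)
  post = POSTS.fetch(post_id) { raise NotFound }
  post.poll_votes
end

# Corrected shape: same lookup, followed by a visibility check.
# Hidden and missing posts raise the same error, so responses do not
# reveal which post ids exist.
def voters_checked(post_id, requester_id)
  post = POSTS[post_id]
  raise NotFound unless post&.visible_to?(requester_id)
  post.poll_votes
end

# Regression check: every (post, requester) pair where the post is hidden
# from the requester but the handler still returned voter data.
def leaks(handler)
  POSTS.keys.product([10, 12, nil]).select do |post_id, user_id|
    next false if POSTS[post_id].visible_to?(user_id)
    begin
      send(handler, post_id, user_id)
      true
    rescue NotFound
      false
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  p leaks(:voters_unchecked)
  p leaks(:voters_checked)
end
```

A check of this shape, run for every endpoint that takes a post id, catches handlers that return post-derived data without consulting the same visibility rule the post view uses.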

Impact

Exploitation of this vulnerability led to unauthorized access to voter details in polls, potentially allowing users to see how others voted in any post.

Remediation

Users can upgrade to Discourse versions 2025.12.2, 2026.1.1, or 2026.2.0 to address this vulnerability.

Added: Feb 26, 2026, 9:32 PM
Updated: Feb 26, 2026, 9:32 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 0.6
exploitability: 4.7
remediation: 7.7
relevance: 3.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.