Discourse Information Disclosure Vulnerability via User Action API

Vulnerability

A vulnerability in Discourse, an open-source discussion platform, allows unauthorized users to read topic titles and post excerpts through a user action API endpoint. The endpoint lacks visibility checks, so it returns information the requester is not permitted to see. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 are affected, and the issue is patched in those versions. No known workarounds are available.

Impact

Exploitation of this vulnerability results in unauthorized access to private topic titles and post excerpts, leading to information disclosure.

Added: Mar 19, 2026, 10:57 PM
Updated: Mar 19, 2026, 10:57 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 0.6
exploitability: 4.7
remediation: 7.7
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.