Primary

Context

Discourse Restriction Bypass Vulnerability Allowing Post Action Count Disclosure to Non-Privileged Users

Vulnerability

Patched

A restriction bypass vulnerability has been identified in Discourse, an open-source discussion platform. This issue affects versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. The vulnerability allows restricted post action counts to be disclosed to non-privileged users through a carefully crafted request.

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of restricted post action counts to non-privileged users.

Remediation

Users can upgrade to Discourse versions 2026.3.0-latest.1, 2026.2.1, or 2026.1.2 to address this vulnerability.

Added: Mar 19, 2026, 10:56 PM

Updated: Mar 19, 2026, 10:56 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

0.6

exploitability

4.7

remediation

7.7

relevance

4.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

0.6

exploitability

4.7

remediation

7.7

relevance

4.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Discourse Restriction Bypass Vulnerability Allowing Post Action Count Disclosure to Non-Privileged Users

Vulnerability

Impact

Remediation

Affected Products

Discourse

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating