Discourse Moderator Privilege Escalation Vulnerability Allowing Unauthorized Edits to Site Policy Documents

Vulnerability

A vulnerability in Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows moderators to edit site policy documents, such as terms of service, guidelines, and privacy policies, that they are not authorized to modify. The issue arises from a flaw in moderation privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of site policy documents: a moderator could change terms of service, guidelines, or privacy policies they are not permitted to alter.

Remediation

Users are advised to upgrade to Discourse versions 2026.3.0-latest.1, 2026.2.1, or 2026.1.2, all of which contain the necessary patch.

Added: Mar 20, 2026, 3:34 AM
Updated: Mar 20, 2026, 3:34 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 4.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.