Discourse Cached AI Summary Leak Vulnerability

Vulnerability

A vulnerability in Discourse, an open-source discussion platform, allows outdated cached AI summaries to leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue is present in Discourse versions prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
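A small model of the failure class described above, as an added example that is not Discourse's code or its patch: a cached summary outlives the removal of a post and is still served to a viewer who cannot regenerate it. The `Post` and `CachedSummary` structs, the digest scheme and all function names are hypothetical, and the posts are constructed sample data.

```ruby
require "digest"

# Hypothetical model, not Discourse's schema.
Post = Struct.new(:id, :text, :deleted)
CachedSummary = Struct.new(:text, :content_digest)

# Digest over the posts that are currently visible; it changes whenever
# a post is removed or edited, which marks older summaries as outdated.
def visible_digest(posts)
  visible = posts.reject(&:deleted)
  Digest::SHA256.hexdigest(visible.map { |p| "#{p.id}:#{p.text}" }.join("\n"))
end

# Stand-in for the AI call: the "summary" repeats the visible post text.
def summarize(posts)
  text = posts.reject(&:deleted).map(&:text).join(" / ")
  CachedSummary.new(text, visible_digest(posts))
end

# Flawed pattern: a viewer who cannot regenerate always receives the
# cached text, even when the cache predates a removal.
def serve_unchecked(cache, posts, can_regenerate:)
  return summarize(posts).text if can_regenerate
  cache.text
end

# Hardened pattern: an outdated cache is never shown to a viewer who
# cannot refresh it; that viewer gets no summary (nil) instead.
def serve_checked(cache, posts, can_regenerate:)
  return cache.text if cache.content_digest == visible_digest(posts)
  can_regenerate ? summarize(posts).text : nil
end

# Constructed scenario: summary cached, then post 2 is removed, then an
# anonymous viewer (can_regenerate: false) requests the summary.
def demo
  posts = [Post.new(1, "Release is on Friday", false),
           Post.new(2, "Internal note: EXAMPLE-REMOVED-TEXT", false)]
  cache = summarize(posts)
  posts[1].deleted = true
  { unchecked: serve_unchecked(cache, posts, can_regenerate: false),
    checked: serve_checked(cache, posts, can_regenerate: false) }
end
```
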

Impact

Exploitation of this vulnerability can lead to the unauthorized disclosure of removed content to anonymous or unprivileged users.

Remediation

Users can upgrade to Discourse versions 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1. Alternatively, summary generation can be restricted by tightening the allowed groups on the summarization Personas.

Added: May 19, 2026, 12:21 AM
Updated: May 19, 2026, 12:21 AM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 0.6
exploitability: 2.9
remediation: 8.3
relevance: 8.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.