Discourse IP Address Exposure Vulnerability in Review Queue

Vulnerability

A vulnerability in Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 exposes the IP addresses of flagged users to any user with access to the review queue, including users who should not have access to IP address information.

Impact

This vulnerability allows unauthorized exposure of flagged users' IP addresses, potentially leading to privacy concerns.

Remediation

Users are advised to upgrade to Discourse versions 2026.3.0-latest.1, 2026.2.1, or 2026.1.2.

Added: Mar 20, 2026, 11:19 PM
Updated: Mar 20, 2026, 11:19 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 0.6
exploitability: 3.0
remediation: 7.7
relevance: 4.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.