Primary

Context

Discourse Tag Synonym Editing Vulnerability in Restricted Groups

Vulnerability

Patched

A vulnerability exists in Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, allowing users with tag-editing permissions to modify and create synonyms for tags concealed in restricted groups. This could be done without having visibility into those tags. The issue has been addressed in the mentioned patched versions.

Impact

This vulnerability could lead to unauthorized editing and synonym creation for tags in restricted groups, potentially disrupting tag organization and management.

Remediation

Users are advised to upgrade to Discourse versions 2026.3.0-latest.1, 2026.2.1, or 2026.1.2.

Added: Mar 21, 2026, 12:27 AM

Updated: Mar 21, 2026, 12:27 AM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

0.6

exploitability

3.3

remediation

7.7

relevance

4.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

0.6

exploitability

3.3

remediation

7.7

relevance

4.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Discourse Tag Synonym Editing Vulnerability in Restricted Groups

Vulnerability

Impact

Remediation

Affected Products

Discourse

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating