← Back

CVE-2026-33251

nvd nist
Published: Mar 20, 2026Modified: Mar 24, 2026

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.5
Source: security-advisories@github.com (Secondary)

Description

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure only trusted users are part of the Site Setting for accept_all_solutions_allowed_groups.

Affected (3)

Products: Discourse: Discourse
Discourse
1 product
Discourse
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Discourse
Discourse
From 2026.1.0 to 2026.1.2
Discourse
From 2026.2.0 to 2026.2.1
Discourse
Version 2026.3.0

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

Source: security-advisories@github.com
MitigationVendor Advisory

Timeline

No history available yet.