QwikSec

Security Database

CVE

CWE

Training

CVE-2026-27021

Published: Feb 26, 2026

Modified: Feb 28, 2026

PUBLISHED

Description

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint in the poll plugin lacked post visibility checks which allowed unauthorized access to voters details of polls in any post. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

Vendor	Product	Versions
discourse	discourse	affected `< 2025.12.2` affected `>= 2026.1.0-latest, < 2026.1.1` affected `>= 2026.2.0-latest, < 2026.2.0`

Weaknesses (CWE)

References

https://github.com/discourse/discourse/security/advisories/GHSA-f5m5-9hpw-7c2g

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.