QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-28227

Back to search

CVE-2026-28227

Published: Feb 26, 2026

Modified: Mar 3, 2026

PUBLISHED

Description

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the `publish_to_category` topic timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

VendorProductVersions

discourse

discourse

affected
< 2025.12.2
affected
>= 2026.1.0-latest, < 2026.1.1
affected
>= 2026.2.0-latest, < 2026.2.0

Weaknesses (CWE)

CWE-863

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now